
Virus that deletes my antivirus's .exe files, and no more Wi-Fi

4 November 2007 14:12:29

:)  Hello...

After I ran a program,
the application disabled my Windows firewall and deleted
the .exe files of my antivirus (Norton AntiVirus 2003)
and those of Spybot.
Taken aback, I disabled my Wi-Fi connection so as not to catch any other virus,
and when I went to turn it back on, surprise! Impossible: it tells me that another program is managing my connection...
So I uninstalled Norton and tried to reinstall it, and bam, an error; same thing when trying to install Norton 2005, and the same with Panda Antivirus 2005.
So I came to this forum to see whether other people were in the same situation, and yes, indeed they were.
I also noticed that I could not boot into Safe Mode either...
Sniff :sweat:

BlackLight is currently scanning
and EliBagle found nothing.

Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:43, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\EASY FILE & FOLDER PROTECTOR\EFPAP.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Pierre\LOCALS~1\Temp\200721411733_mcinfo.exe /insfin
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pedrito49.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photobox.fr/assets/aurigma/ImageUploader4.ca...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pedrito49.spaces.live.com/PhotoUpload/MsnPUpld.c...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E18CE747-0DBC-47EA-A2C2-20DF77A460A5}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Easy File & Folder Protector (ACDService) - Unknown owner - C:\PROGRAM FILES\EASY FILE & FOLDER PROTECTOR\EFPAP.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Unknown owner - C:\Documents and Settings\Pierre\Bureau\Solid works 2005\Solid Works 2005 crack\lmgrd.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Hoping to get your help, which would be invaluable to me; thank you in advance.


4 November 2007 15:52:52

Sorry, EliBagle found this report:


Sat Nov 03 19:03:16 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.66
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.66
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"

Sat Nov 03 19:03:55 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sat Nov 03 19:04:24 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.66
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Eliminado Bagle

Sat Nov 03 19:05:19 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Nov 03 19:05:23 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 2894
Nº Total de Ficheros: 50078
Nº de Ficheros Analizados: 2634
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 8359
Nº Total de Ficheros: 107422
Nº de Ficheros Analizados: 10145
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Nov 04 14:04:06 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Nov 04 14:04:11 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 8360
Nº Total de Ficheros: 107432
Nº de Ficheros Analizados: 10147
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

And F-Secure found this:

11/04/07 15:20:26 [Info]: BlackLight Engine 1.0.67 initialized
11/04/07 15:20:26 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/04/07 15:20:26 [Note]: 7019 4
11/04/07 15:20:26 [Note]: 7005 0
11/04/07 15:20:36 [Note]: 7006 0
11/04/07 15:20:36 [Note]: 7011 3152
11/04/07 15:20:36 [Note]: 7026 0
11/04/07 15:20:36 [Note]: 7026 0
11/04/07 15:20:38 [Note]: FSRAW library version 1.7.1024
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
11/04/07 15:24:07 [Note]: 10002 3
11/04/07 15:24:07 [Note]: 10002 2
11/04/07 15:24:07 [Note]: 10002 2
11/04/07 15:29:09 [Note]: 10002 2
11/04/07 15:29:09 [Note]: 10002 2
11/04/07 15:53:36 [Note]: 7007 0

So there are the three reports that are often requested.
Hoping to get many replies.
Regards

5 November 2007 01:24:17

Here goes a fourth report, LOL

So, the report from ComboFix:

ComboFix 07-11-01.1 - Pierre 2007-11-05 1:18:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.689 [GMT 1:00]
Running from: G:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))))))))
.

2007-11-05 01:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 19:02 <REP> d-------- C:\Muestras
2007-11-03 17:17 <REP> d-------- C:\Program Files\AxBx
2007-11-03 16:36 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-03 16:14 <REP> d-------- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
2007-11-03 16:14 <REP> d-------- C:\Program Files\Norton AntiVirus
2007-11-03 14:37 <REP> d-------- C:\Program Files\LMSOFT Web Creator Pro 4
2007-11-03 02:36 <REP> d-------- C:\Program Files\LMSOFT Web Creator Pro 3
2007-10-30 19:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-30 15:45 <REP> d-------- C:\Program Files\Real
2007-10-30 15:45 <REP> d-------- C:\My Games
2007-10-30 14:13 <REP> d-------- C:\BMW M3 Challenge
2007-10-29 18:07 <REP> d-------- C:\Program Files\SPAMfighter
2007-10-29 18:07 <REP> d-------- C:\Program Files\Fichiers communs\Application
2007-10-29 18:07 <REP> d-------- C:\Program Files\Fichiers communs\Ankiro
2007-10-27 22:16 <REP> d-------- C:\Program Files\Sophos
2007-10-19 17:44 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-10-19 17:43 <REP> d-------- C:\Program Files\Realtek AC97
2007-10-19 17:43 315,392 --a------ C:\WINDOWS\alcupd.exe
2007-10-19 17:43 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-10-19 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-14 14:17 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-10-14 13:41 <REP> d-------- C:\Program Files\THQ
2007-10-12 16:48 <REP> d--h----- C:\WINDOWS\PIF
2007-10-05 23:37 <REP> d-------- C:\Program Files\Raxco
2007-10-05 23:37 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
2007-10-05 23:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-05 22:49 <REP> d-------- C:\Documents and Settings\Pierre\.rainlendar2
2007-10-05 20:52 <REP> d-------- C:\Neo Sonic Universe
2007-10-05 20:52 <REP> d-------- C:\Buziol Games
2007-10-05 16:35 2,362 --a------ C:\WINDOWS\mozver.dat
2007-10-05 16:19 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 00:24 --------- d-----w C:\Program Files\SpeedFan
2007-11-03 16:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-03 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-03 15:14 --------- d-----w C:\Program Files\Symantec
2007-11-03 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 14:11 --------- d-s---w C:\Program Files\Xfire
2007-11-03 09:42 --------- d-----w C:\Program Files\eMule
2007-11-03 02:19 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Xfire
2007-11-01 08:09 --------- d-----w C:\Program Files\iTunes
2007-11-01 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 05:49 --------- d-----w C:\Program Files\Rockstar Games
2007-11-01 05:32 --------- d-----w C:\Program Files\Codemasters
2007-10-31 18:34 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-10-30 18:39 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Apple Computer
2007-10-30 18:35 --------- d-----w C:\Documents and Settings\Pierre\Application Data\TribalWeb
2007-10-30 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-29 12:33 --------- d-----w C:\Program Files\Webshots
2007-10-12 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 23:57 --------- d-----w C:\Program Files\A4Desk
2007-09-29 23:49 --------- d-----w C:\Program Files\WebAnimé
2007-09-28 22:55 --------- d-----w C:\Program Files\Outlook Express Launcher
2007-09-21 22:35 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-21 22:35 282,624 ----a-r C:\WINDOWS\Setup1.exe
2007-09-21 22:35 --------- d-----w C:\Program Files\kiss
2007-09-21 22:12 --------- d-----w C:\Program Files\DivX
2007-09-21 13:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-21 11:55 --------- d-----w C:\Program Files\Ulead Systems
2007-09-16 21:42 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-09-16 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-09-16 21:41 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-09-16 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-09-16 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-16 16:04 --------- d-----w C:\Program Files\Pinnacle
2007-09-16 12:17 --------- d-----w C:\Program Files\Sierra Entertainment
2007-09-15 19:32 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Ulead Systems
2007-09-15 19:21 --------- d-----w C:\Program Files\Windows Media Components
2007-09-15 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-11 08:41 --------- d-----w C:\Program Files\Smallvideosoft
2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22]
"nwiz"="nwiz.exe" [2006-06-01 16:22 C:\WINDOWS\system32\nwiz.exe]
"NVidia System Utility"="C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" [2004-05-21 14:05]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 16:22 C:\WINDOWS\system32\nvmctray.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 13:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 23:03]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2005-04-13 08:26:56 Zak]
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-01-21 11:40:56 Zak]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"<NO NAME>"=
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"MPTBox"=C:\Program Files\Canon\MultiPASS4\MPTBox.exe
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"msci"=C:\DOCUME~1\Pierre\LOCALS~1\Temp\200721411733_mcinfo.exe /insfin
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys
R1 FDCBNT;FDCBNT;\??\C:\WINDOWS\system32\FDCBNT.SYS
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
R3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys
S2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
S2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\Documents and Settings\Pierre\Bureau\Solid works 2005\Solid Works 2005 crack\lmgrd.exe
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\ACF.tmp
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1211u.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a5af98-007e-11dc-8555-0011099c2812}]
\Shell\AutoRun\command - G:\setup\i386\msetup.exe
\Shell\langenglish\command - G:\setup\i386\msetup.exe lang:english

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 01:25:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 1:26:17 - machine was rebooted
.
--- E O F ---