Votre question

problème virus bloodhound

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
10 Février 2007 13:53:48

Voila mon problème norton anti virus s'affole il y a des message d'erreurs sans cesse.je sais plus commen faire.
voici mon log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:50:57, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\navsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

mon bloc note vundo

Beginning removal...

Performing Repairs to the registry.
Done!


et mon rapport combo fix

"Proprietaire" - 07-02-10 13:52:38 Service Pack 2
ComboFix 07-02-08.2 - Running from: "C:\Documents and Settings\Proprietaire\Mes documents"

((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))


2007-02-10 12:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-02-09 19:24 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-02-09 19:19 <REP> d-------- C:\VundoFix Backups
2007-02-04 13:42 <REP> d-------- C:\Program Files\Lavasoft
2007-02-04 13:42 <REP> d-------- C:\DOCUME~1\PROPRI~1\Application Data\Lavasoft
2007-02-04 12:13 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-02-04 12:12 <REP> d-------- C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
2007-02-04 12:09 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-27 23:45 <REP> d-------- C:\Program Files\URUSoft
2007-01-27 11:53 22,029 ---hs---- C:\WINDOWS\system32\hggddaa.dll
2007-01-21 11:38 1,204,224 -r-hs---- C:\WINDOWS\navsvc.exe
2007-01-14 20:19 <REP> d-------- C:\DOCUME~1\PROPRI~1\Application Data\CyberLink
2007-01-14 20:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-01-14 20:13 <REP> d-------- C:\Temp
2007-01-14 20:11 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-01-14 20:11 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-01-14 20:11 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2007-01-14 20:11 <REP> d-------- C:\Program Files\lg_fwupdate
2007-01-14 20:09 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-14 20:09 <REP> d-------- C:\WINDOWS\system32\Adobe
2007-01-14 20:09 <REP> d-------- C:\WINDOWS\Profiles
2007-01-14 20:09 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2007-01-14 20:09 <REP> d-------- C:\DOCUME~1\PROPRI~1\Application Data\InterTrust
2007-01-14 20:08 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-01-14 20:08 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-01-14 20:08 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-01-14 20:08 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-01-14 20:08 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-01-14 20:08 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-01-14 20:08 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-01-14 20:08 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-01-14 20:08 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2007-01-14 20:08 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-01-14 20:08 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-14 20:08 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-01-14 20:08 <REP> d-------- C:\WINDOWS\InCD
2007-01-14 20:08 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-01-14 20:08 <REP> d-------- C:\Program Files\Ahead
2007-01-14 20:06 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-01-14 20:06 <REP> d-------- C:\Program Files\CyberLink DVD Solution
2007-01-14 20:06 <REP> d-------- C:\Program Files\CyberLink
2007-01-14 20:06 <REP> d-------- C:\MyWorks
2007-01-13 03:00 <REP> d-------- C:\WINDOWS\ie7updates


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-10 12:16 -------- d-------- C:\Program Files\steam
2007-02-10 12:16 -------- d-------- C:\Program Files\Fichiers communs\symantec shared
2007-02-09 19:05 -------- d-------- C:\Program Files\norton antivirus
2007-02-04 12:03 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 12:03 -------- d-------- C:\Program Files\ubisoft
2007-02-01 19:10 -------- d-------- C:\Program Files\google
2007-01-28 21:08 -------- d-------- C:\Program Files\emule
2007-01-20 15:57 -------- d---s---- C:\DOCUME~1\PROPRI~1\Application Data\microsoft
2007-01-14 20:15 -------- d-------- C:\Program Files\Fichiers communs\adaptec shared
2007-01-06 15:33 -------- d-------- C:\Program Files\msn messenger
2006-12-30 14:46 -------- d-------- C:\Program Files\java
2006-12-09 16:02 76110 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2006-12-09 16:02 470976 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Configuration de la C-BOX"="C:\\Program Files\\Cegetel\\C-BOX\\Wizard\\QuickAccess.exe"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccRegVfy.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\" blrun"
"Microsoft System Firewall 2006.2"="msmsgr.exe"
"SDR6V_Check"="\"C:\\Program Files\\Fichiers communs\\DriveCleaner 2006 Free\\SDRmon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Firewall 2006.2"="msmsgr.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF7C999D-43DD-43C3-A25B-2DB1A881664A}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8003b30-717a-11db-9f2e-0015f23f8cb3}]
Shell\AutoRun\command G:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-10 13:53:18


merci d'avance charli

Autres pages sur : probleme virus bloodhound

a b 8 Sécurité
10 Février 2007 13:55:28

BONJOUR !

Ton rapport Hijackthis n'est pas complet.
10 Février 2007 13:59:48

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\navsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe

la il l'est.mais j'ai supprimer deux truc qui avait por appélation system32 hggddaa c'est à dire le meme nom que mon virus c'est pour cela que je les aient supprimé
Contenus similaires
10 Février 2007 14:00:19

merci d'avance
a b 8 Sécurité
10 Février 2007 14:01:28

T'as du mal à poster un rapport complet...

Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
10 Février 2007 14:13:03

voila le rapport
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 10/02/2007 a 14:11:31,68

*** Recherche de fichiers sur C:
C:\StubInstaller.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\smdat32m.sys FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND

"C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\" FOUND
"C:\Program Files\Fichiers communs\WhenU\" FOUND
"C:\Program Files\Need2Find\" FOUND
*** Fin du rapport !


j'espère que c'est ce que tu veu et encore merci de m'aider car je suis plus que novice...
10 Février 2007 14:20:33

Bonjour,

1/ Redémarre en mode Sans Échec
(au démarrage, tapote immédiatement la touche F8), puis tu verras un écran avec choix de démarrages :
choisis Mode sans échec avec les flèches du clavier, puis valide avec Entrée.
Choisis ton compte usuel (et non Administrateur).

Si tu n’arrives vraiment pas à redémarrer en mode sans échec je te propose ce lien :

Redémarrer en mode sans échec

2/ Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis cette fois l'option 2.

3/ Redémarre normalement

4/ Poste le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt
10 Février 2007 14:26:08

Bonjour, j'ai pas de compte usuel moi ces administrteur
merci de m'aider
10 Février 2007 14:37:16

donc, c simple ton compte usuel est "administrateur"
un compte usuel c le compte que tu utilises toujours pour travailler
10 Février 2007 14:43:26

Re Charli47,

Bahh !! prend le compte administrateur :) 
10 Février 2007 14:55:05

voila le rapport clean mais ce qui m'inquiète c'est que j'ai toujour mes virus car je les restaurer au vendredi 9 février c'est a dire hier

voici le rapport


Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 10/02/2007 a 14:37:46,54

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:
tentative de suppression de C:\StubInstaller.exe

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\smdat32m.sys

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp

tentative de suppression de "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\"
tentative de suppression de "C:\Program Files\Fichiers communs\WhenU\"
tentative de suppression de "C:\Program Files\Need2Find\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !



10 Février 2007 14:56:12

merci de votre aide ca fait plaisir de pa se sentir seul
10 Février 2007 15:10:50

voici mon log


Logfile of HijackThis v1.99.1
Scan saved at 15:10:39, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\navsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ixpnjnyk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DF9ED43-9C3A-4114-AEE9-64CABEFB0D64} - C:\WINDOWS\system32\geebx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\hggddaa.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\hcibdicd.dll",setvm
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
O20 - Winlogon Notify: hggddaa - C:\WINDOWS\SYSTEM32\hggddaa.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe

a b 8 Sécurité
10 Février 2007 15:26:31

Refais un scan Combofix, on finit le boulot.
10 Février 2007 16:03:54

voici le resulta du scan...merci :

"Proprietaire" - 07-02-10 15:59:59 Service Pack 2
ComboFix 07-02-08.2 - Running from: "C:\Documents and Settings\Proprietaire\Mes documents\anti virus"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\m.exe


((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))


2007-02-10 15:50 <REP> d-------- C:\Program Files\Need2Find
2007-02-10 15:50 <REP> d-------- C:\Program Files\Fichiers communs\WhenU
2007-02-10 15:50 <REP> d-------- C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
2007-02-10 14:50 494,642 ---hs---- C:\WINDOWS\system32\xbeeg.bak1
2007-02-10 14:50 494,430 ---hs---- C:\WINDOWS\system32\xbeeg.bak2
2007-02-10 14:31 <REP> d-------- C:\WINDOWS\pss
2007-02-09 19:24 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-02-09 19:19 <REP> d-------- C:\VundoFix Backups
2007-02-09 17:23 5,029,888 --a------ C:\DOCUME~1\PROPRI~1\ntuser.dat
2007-02-09 17:23 229,376 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-02-07 12:25 22,772 ---hs---- C:\WINDOWS\system32\mljkkkl.dll
2007-02-04 13:42 <REP> d-------- C:\Program Files\Lavasoft
2007-02-04 13:42 <REP> d-------- C:\DOCUME~1\PROPRI~1\Application Data\Lavasoft
2007-02-04 12:13 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-02-04 12:09 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-28 19:10 22,029 ---hs---- C:\WINDOWS\system32\efccbcd.dll
2007-01-27 23:45 <REP> d-------- C:\Program Files\URUSoft
2007-01-27 13:16 22,029 ---hs---- C:\WINDOWS\system32\vtuvwtu.dll
2007-01-27 13:08 22,029 ---hs---- C:\WINDOWS\system32\ssqpnoo.dll
2007-01-27 12:54 22,029 ---hs---- C:\WINDOWS\system32\cbxuusp.dll
2007-01-27 11:58 277,297 --a------ C:\WINDOWS\system32\geebx(2).dll
2007-01-27 11:58 277,297 ---hs---- C:\WINDOWS\system32\geebx.dll
2007-01-27 11:53 22,029 ---hs---- C:\WINDOWS\system32\hggddaa.dll
2007-01-21 11:38 1,204,224 -r-hs---- C:\WINDOWS\navsvc.exe
2007-01-14 20:19 <REP> d-------- C:\DOCUME~1\PROPRI~1\Application Data\CyberLink
2007-01-14 20:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-01-14 20:13 <REP> d-------- C:\Temp
2007-01-14 20:11 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-01-14 20:11 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-01-14 20:11 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2007-01-14 20:11 <REP> d-------- C:\Program Files\lg_fwupdate
2007-01-14 20:09 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-14 20:09 <REP> d-------- C:\WINDOWS\system32\Adobe
2007-01-14 20:09 <REP> d-------- C:\WINDOWS\Profiles
2007-01-14 20:09 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2007-01-14 20:09 <REP> d-------- C:\DOCUME~1\PROPRI~1\Application Data\InterTrust
2007-01-14 20:08 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-01-14 20:08 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-01-14 20:08 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-01-14 20:08 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-01-14 20:08 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-01-14 20:08 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-01-14 20:08 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-01-14 20:08 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-01-14 20:08 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2007-01-14 20:08 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-01-14 20:08 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-14 20:08 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-01-14 20:08 <REP> d-------- C:\WINDOWS\InCD
2007-01-14 20:08 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-01-14 20:08 <REP> d-------- C:\Program Files\Ahead
2007-01-14 20:06 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-01-14 20:06 <REP> d-------- C:\Program Files\CyberLink DVD Solution
2007-01-14 20:06 <REP> d-------- C:\Program Files\CyberLink
2007-01-14 20:06 <REP> d-------- C:\MyWorks
2007-01-13 03:00 <REP> d-------- C:\WINDOWS\ie7updates


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-10 15:56 -------- d-------- C:\Program Files\steam
2007-02-10 15:55 -------- d-------- C:\Program Files\Fichiers communs\symantec shared
2007-02-09 19:05 -------- d-------- C:\Program Files\norton antivirus
2007-02-04 12:03 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 12:03 -------- d-------- C:\Program Files\ubisoft
2007-02-01 19:10 -------- d-------- C:\Program Files\google
2007-01-28 21:08 -------- d-------- C:\Program Files\emule
2007-01-20 15:57 -------- d---s---- C:\DOCUME~1\PROPRI~1\Application Data\microsoft
2007-01-14 20:15 -------- d-------- C:\Program Files\Fichiers communs\adaptec shared
2007-01-06 15:33 -------- d-------- C:\Program Files\msn messenger
2006-12-30 14:46 -------- d-------- C:\Program Files\java
2006-12-09 16:02 76110 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2006-12-09 16:02 470976 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Configuration de la C-BOX"="C:\\Program Files\\Cegetel\\C-BOX\\Wizard\\QuickAccess.exe"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccRegVfy.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\" blrun"
"Microsoft System Firewall 2006.2"="msmsgr.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\hcibdicd.dll\",setvm"
"SDR6V_Check"="\"C:\\Program Files\\Fichiers communs\\DriveCleaner 2006 Free\\SDRmon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Firewall 2006.2"="msmsgr.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF7C999D-43DD-43C3-A25B-2DB1A881664A}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggddaa

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-10 16:03:14
C:\ComboFix2.txt ... 07-02-10 13:53
a b 8 Sécurité
10 Février 2007 16:59:26

Re,

! Mets Combofix sur ton Bureau !

Clique sur le menu Démarrer puis executer et copie/colle ceci :
"%userprofile%\Bureau\combofix.exe" /v geebx hggddaa
puis clic sur OK.

Suis les invites.

Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS