Daily search, continued

Tags: Sécurité
Last reply in: Sécurité et virus
21 October 2007 16:55:43

Hello,

I started a discussion last Saturday but could not finish the cleaning procedure because of a work trip.

So I still have a problem when searching the web: daily-search keeps coming back every time.

Below is the Lop S&D log.

How do I clean this?

Thanks in advance for your help.



------------------------------[ Lop S&D 1.3 ]----------------------------

Version : Microsoft Windows XP [Version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "D:\Storages PC\MLTMD\Lop S&D"

Rapport créé Le Sat 13/10/2007 à 17:40:26,92 PC : PC34BC44EB2B

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrator\Application Data\Identities
C:\Documents and settings\Administrator\Application Data\Microsoft
C:\Documents and settings\Administrator\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\DragToDiscUserNameF.txt
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Ahead
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\DragToDiscUserNameG.txt
C:\Documents and settings\All Users\Application Data\Roxio
C:\Documents and settings\All Users\Application Data\SupportSoft
C:\Documents and settings\All Users\Application Data\Support.com
C:\Documents and settings\All Users\Application Data\Symantec
C:\Documents and settings\All Users\Application Data\PC Suite
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\DirectCDUserNameF.txt
C:\Documents and settings\All Users\Application Data\vidcap
C:\Documents and settings\All Users\Application Data\Spontania4IM
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\Skype
C:\Documents and settings\All Users\Application Data\CA
C:\Documents and settings\All Users\Application Data\Creative
C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\desktop.ini

C:\Documents and settings\LocalService\Application Data\Ahead
C:\Documents and settings\LocalService\Application Data\Help
C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\MASTER\Application Data\Microsoft
C:\Documents and settings\MASTER\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\MASTER\Application Data\Ahead
C:\Documents and settings\MASTER\Application Data\Skype
C:\Documents and settings\MASTER\Application Data\AdobeUM
C:\Documents and settings\MASTER\Application Data\NeroDCTemplates
C:\Documents and settings\MASTER\Application Data\Roxio
C:\Documents and settings\MASTER\Application Data\OLYMPUS
C:\Documents and settings\MASTER\Application Data\DriveCleaner 2006 Free
C:\Documents and settings\MASTER\Application Data\PC Suite
C:\Documents and settings\MASTER\Application Data\Nokia
C:\Documents and settings\MASTER\Application Data\Google
C:\Documents and settings\MASTER\Application Data\Sun
C:\Documents and settings\MASTER\Application Data\Macromedia
C:\Documents and settings\MASTER\Application Data\Leadertech
C:\Documents and settings\MASTER\Application Data\Scooter Software
C:\Documents and settings\MASTER\Application Data\Apple Computer
C:\Documents and settings\MASTER\Application Data\FotoWire
C:\Documents and settings\MASTER\Application Data\Adobe
C:\Documents and settings\MASTER\Application Data\Morpheus
C:\Documents and settings\MASTER\Application Data\Lavasoft
C:\Documents and settings\MASTER\Application Data\Mozilla
C:\Documents and settings\MASTER\Application Data\Kazaa Lite
C:\Documents and settings\MASTER\Application Data\ArcSoft
C:\Documents and settings\MASTER\Application Data\Nikon
C:\Documents and settings\MASTER\Application Data\Real
C:\Documents and settings\MASTER\Application Data\Help
C:\Documents and settings\MASTER\Application Data\InterTrust
C:\Documents and settings\MASTER\Application Data\InterVideo
C:\Documents and settings\MASTER\Application Data\Creative
C:\Documents and settings\MASTER\Application Data\Identities
C:\Documents and settings\MASTER\Application Data\desktop.ini

C:\Documents and settings\NetworkService\Application Data\Microsoft

C:\Documents and settings\Owner\Application Data\Identities
C:\Documents and settings\Owner\Application Data\Microsoft
C:\Documents and settings\Owner\Application Data\desktop.ini


----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\7-Zip
C:\Program Files\ABC
C:\Program Files\Adobe
C:\Program Files\ArcSoft
C:\Program Files\AskTBar
C:\Program Files\AxylomClass
C:\Program Files\AxylomClassPosteEnfant
C:\Program Files\Barbie(TM)
C:\Program Files\Belgacom
C:\Program Files\Beyond Compare 2
C:\Program Files\Burn4Free
C:\Program Files\CA
C:\Program Files\Canon
C:\Program Files\CCleaner
C:\Program Files\Common Files
C:\Program Files\COMPAQ
C:\Program Files\ComPlus Applications
C:\Program Files\Creative
C:\Program Files\DIFX
C:\Program Files\directx
C:\Program Files\DVD Shrink
C:\Program Files\dvdSanta
C:\Program Files\ewido
C:\Program Files\Google
C:\Program Files\GoogleEarthSetup.exe
C:\Program Files\Gorillaz
C:\Program Files\Grisoft
C:\Program Files\ING
C:\Program Files\INSTALL.LOG
C:\Program Files\intel
C:\Program Files\Internet Explorer
C:\Program Files\InterVideo
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Java Web Start
C:\Program Files\Lavasoft
C:\Program Files\LEGO Media
C:\Program Files\limewire
C:\Program Files\Logitech
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Mindscape
C:\Program Files\Minuscule.04
C:\Program Files\Movie Maker
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Netscape
C:\Program Files\Nikon
C:\Program Files\OLYMPUS
C:\Program Files\Online Services
C:\Program Files\Outlook Express
C:\Program Files\PC Connectivity Solution
C:\Program Files\PCPitstop
C:\Program Files\Peanuts Baseball Game
C:\Program Files\PestPatrol
C:\Program Files\PIXELA
C:\Program Files\Program Shortcuts
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RegistrySmart
C:\Program Files\Reject False Icons
C:\Program Files\Roxio
C:\Program Files\Skype
C:\Program Files\SLD Codec Pack
C:\Program Files\SMS-it
C:\Program Files\StreamCast
C:\Program Files\Sunbelt Software
C:\Program Files\SupportSoft
C:\Program Files\SureThing
C:\Program Files\Symantec
C:\Program Files\Symantec_Client_Security
C:\Program Files\Ulead iPhoto Express
C:\Program Files\Viewpoint
C:\Program Files\Virtools Web Player 3.0
C:\Program Files\Volo View Express
C:\Program Files\vso
C:\Program Files\Winamp
C:\Program Files\Winamp3
C:\Program Files\Windows Live
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinZip
C:\Program Files\xerox
C:\Program Files\Yahoo!

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------


----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 17:41:18
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
! EGDACCESS Possible !

F:\Autorun.inf


--------------------[ Fin du rapport à 17:44:25,90 ]----------------------

21 October 2007 17:02:42

Hello,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait for this message to appear:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report is also located here: C:\fixnavi.txt
21 October 2007 17:18:16



Here it is!


Search Navipromo version 3.3.0 commencé le Sun 21/10/2007 à 17:23:15,78

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 17.10.2007 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 6.0.2800.1106


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\MASTER\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\MASTER\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\MASTER\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***


C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\pack.epk trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le Sun 21/10/2007 à 17:23:58,81 ***
21 October 2007 19:11:01

Hi again,

Can you see anything in it? Actually it is search-daily.com that keeps coming back, not daily search.

Thanks for your help!
21 October 2007 19:40:31

Hi again,

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. This time choose option 2 and confirm.
Let it guide you and answer any questions it asks.

The utility will tell you that it is going to restart the computer.
**Close all open windows and save any open personal documents**
Now press a key, as requested.
(If your PC does not restart automatically, restart it manually.)

Wait for this message to appear:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.

Post the report you saved earlier (C:\cleannavi.txt)
as well as a new HijackThis report.
21 October 2007 20:26:44

Here are the two logs.

Is it clean?


Thanks in advance, and thanks again.



Clean Navipromo version 3.3.0 commencé le Sun 21/10/2007 à 20:23:00,34

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 17.10.2007 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 6.0.2800.1106

Mode suppression automatique



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans C:\DOCUME~1\MASTER\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\MASTER\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS ***



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\MASTER\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche, création sauvegardes et suppression Heuristique :


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:09, on 21/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2698C61C-7378-4B68-A504-F723627F9344} - C:\WINDOWS\System32\CTSBLF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8581 bytes
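The HijackThis logs in this thread are read by eye: the helper scans the O2/O3 (BHO and toolbar) and O4 (Run key) items and asks about AskTBar. The following is an added example, not part of the thread and not part of HijackThis, of a small Python parser that does that first pass automatically: it groups the `Rx`/`Oxx` items by code, extracts the CLSID, name and file path from each, and flags entries a helper would look at first. The sample lines are copied from the log above (shortened); the watch lists (the AskTBar folder and the search-daily.com domain the poster mentions) are assumptions chosen for this thread, not a built-in signature set.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted earlier in this thread. A real log is much longer; the parser simply
# ignores lines it does not recognise (headers, the process list, blank lines).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:09, on 21/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2698C61C-7378-4B68-A504-F723627F9344} - C:\WINDOWS\System32\CTSBLF.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# "R0 - ...", "O2 - ...", "O23 - ..." item lines; everything else is skipped.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")   # O4: [ValueName] command


def parse_hjt(text):
    """Group HijackThis items by code; pull out CLSID, display name and path/command."""
    items = defaultdict(list)
    for raw in text.splitlines():
        raw = raw.strip()
        m = ITEM_RE.match(raw)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entry = {"code": code, "raw": raw, "body": body,
                 "clsid": None, "name": None, "path": None}
        clsid = CLSID_RE.search(body)
        if clsid:
            entry["clsid"] = clsid.group(0)
        if code == "O4":
            run = RUN_RE.search(body)
            if run:
                entry["name"], entry["path"] = run.group("name"), run.group("cmd")
        elif code.startswith("R") and " = " in body:
            # R0/R1: "<registry value> = <setting>"; the setting is what matters
            entry["name"], entry["path"] = body.split(" = ", 1)
        elif " - " in body:
            # O2/O3/O9/O23 style: "<kind>: <name> - {CLSID} - <path>" or
            # "<kind>: <name> - <vendor> - <path>"; the path is the last field
            head, _, tail = body.rpartition(" - ")
            entry["path"] = tail.strip()
            entry["name"] = head.split(" - ")[0].split(": ", 1)[-1]
        items[code].append(entry)
    return items


# Assumed watch lists for this thread (not a HijackThis feature): the helper asked
# for AskTBar to be uninstalled, and the poster is being redirected to search-daily.com.
WATCH_PATH_FRAGMENTS = ("asktbar",)
WATCH_DOMAINS = ("search-daily.com",)


def triage(items, watch_paths=WATCH_PATH_FRAGMENTS, watch_domains=WATCH_DOMAINS):
    """Return (code, reason, raw line) for entries a helper would look at first."""
    findings = []
    for code, entries in items.items():
        for e in entries:
            path = (e["path"] or "").lower()
            if code == "O2" and e["name"] == "(no name)":
                findings.append((code, "unnamed BHO: identify the DLL before deciding", e["raw"]))
            if any(frag in path for frag in watch_paths):
                findings.append((code, "file under a watched program folder", e["raw"]))
            if code.startswith("R") and any(d in path for d in watch_domains):
                findings.append((code, "browser setting points at a watched domain", e["raw"]))
    return findings


if __name__ == "__main__":
    for code, reason, raw in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{code}] {reason}\n    {raw}")
```

On the sample above this reports the unnamed BHO (`CTSBLF.dll`, which still needs to be identified by hand) and the two AskTBar entries; the Google start page and the `localhost` proxy override are left alone. A watched domain is only flagged in R-items, because that is where a start-page or search-page hijack shows up, while the path watch list applies to every item type.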

21 October 2007 20:42:07

Run another Lop S&D scan, option 1.
21 October 2007 21:51:57

Please:

For now the infection is still present.



------------------------------[ Lop S&D 1.3 ]----------------------------

Version : Microsoft Windows XP [Version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "D:\Storages PC\MLTMD\Lop S&D"

Rapport créé Le Sun 21/10/2007 à 21:52:51,89 PC : PC34BC44EB2B

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrator\Application Data\Identities
C:\Documents and settings\Administrator\Application Data\Microsoft
C:\Documents and settings\Administrator\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\DragToDiscUserNameF.txt
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Ahead
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\DragToDiscUserNameG.txt
C:\Documents and settings\All Users\Application Data\Roxio
C:\Documents and settings\All Users\Application Data\SupportSoft
C:\Documents and settings\All Users\Application Data\Support.com
C:\Documents and settings\All Users\Application Data\Symantec
C:\Documents and settings\All Users\Application Data\PC Suite
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\DirectCDUserNameF.txt
C:\Documents and settings\All Users\Application Data\vidcap
C:\Documents and settings\All Users\Application Data\Spontania4IM
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\Skype
C:\Documents and settings\All Users\Application Data\CA
C:\Documents and settings\All Users\Application Data\Creative
C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\desktop.ini

C:\Documents and settings\LocalService\Application Data\Ahead
C:\Documents and settings\LocalService\Application Data\Help
C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\MASTER\Application Data\Microsoft
C:\Documents and settings\MASTER\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\MASTER\Application Data\Ahead
C:\Documents and settings\MASTER\Application Data\Skype
C:\Documents and settings\MASTER\Application Data\AdobeUM
C:\Documents and settings\MASTER\Application Data\NeroDCTemplates
C:\Documents and settings\MASTER\Application Data\Roxio
C:\Documents and settings\MASTER\Application Data\OLYMPUS
C:\Documents and settings\MASTER\Application Data\DriveCleaner 2006 Free
C:\Documents and settings\MASTER\Application Data\PC Suite
C:\Documents and settings\MASTER\Application Data\Nokia
C:\Documents and settings\MASTER\Application Data\Google
C:\Documents and settings\MASTER\Application Data\Sun
C:\Documents and settings\MASTER\Application Data\Macromedia
C:\Documents and settings\MASTER\Application Data\Leadertech
C:\Documents and settings\MASTER\Application Data\Scooter Software
C:\Documents and settings\MASTER\Application Data\Apple Computer
C:\Documents and settings\MASTER\Application Data\FotoWire
C:\Documents and settings\MASTER\Application Data\Adobe
C:\Documents and settings\MASTER\Application Data\Morpheus
C:\Documents and settings\MASTER\Application Data\Lavasoft
C:\Documents and settings\MASTER\Application Data\Mozilla
C:\Documents and settings\MASTER\Application Data\Kazaa Lite
C:\Documents and settings\MASTER\Application Data\ArcSoft
C:\Documents and settings\MASTER\Application Data\Nikon
C:\Documents and settings\MASTER\Application Data\Real
C:\Documents and settings\MASTER\Application Data\Help
C:\Documents and settings\MASTER\Application Data\InterTrust
C:\Documents and settings\MASTER\Application Data\InterVideo
C:\Documents and settings\MASTER\Application Data\Creative
C:\Documents and settings\MASTER\Application Data\Identities
C:\Documents and settings\MASTER\Application Data\desktop.ini

C:\Documents and settings\NetworkService\Application Data\Microsoft

C:\Documents and settings\Owner\Application Data\Identities
C:\Documents and settings\Owner\Application Data\Microsoft
C:\Documents and settings\Owner\Application Data\desktop.ini


----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\7-Zip
C:\Program Files\ABC
C:\Program Files\Adobe
C:\Program Files\ArcSoft
C:\Program Files\AskTBar
C:\Program Files\AxylomClass
C:\Program Files\AxylomClassPosteEnfant
C:\Program Files\Barbie(TM)
C:\Program Files\Belgacom
C:\Program Files\Beyond Compare 2
C:\Program Files\Burn4Free
C:\Program Files\CA
C:\Program Files\Canon
C:\Program Files\CCleaner
C:\Program Files\Common Files
C:\Program Files\COMPAQ
C:\Program Files\ComPlus Applications
C:\Program Files\Creative
C:\Program Files\DIFX
C:\Program Files\directx
C:\Program Files\DVD Shrink
C:\Program Files\dvdSanta
C:\Program Files\ewido
C:\Program Files\Google
C:\Program Files\GoogleEarthSetup.exe
C:\Program Files\Gorillaz
C:\Program Files\Grisoft
C:\Program Files\ING
C:\Program Files\INSTALL.LOG
C:\Program Files\intel
C:\Program Files\Internet Explorer
C:\Program Files\InterVideo
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Java Web Start
C:\Program Files\Lavasoft
C:\Program Files\LEGO Media
C:\Program Files\limewire
C:\Program Files\Logitech
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Mindscape
C:\Program Files\Minuscule.04
C:\Program Files\Movie Maker
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\Navilog1
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Netscape
C:\Program Files\Nikon
C:\Program Files\OLYMPUS
C:\Program Files\Online Services
C:\Program Files\Outlook Express
C:\Program Files\PC Connectivity Solution
C:\Program Files\PCPitstop
C:\Program Files\Peanuts Baseball Game
C:\Program Files\PestPatrol
C:\Program Files\PIXELA
C:\Program Files\Program Shortcuts
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RegistrySmart
C:\Program Files\Reject False Icons
C:\Program Files\Roxio
C:\Program Files\Skype
C:\Program Files\SLD Codec Pack
C:\Program Files\SMS-it
C:\Program Files\StreamCast
C:\Program Files\Sunbelt Software
C:\Program Files\SupportSoft
C:\Program Files\SureThing
C:\Program Files\Symantec
C:\Program Files\Symantec_Client_Security
C:\Program Files\Trend Micro
C:\Program Files\Ulead iPhoto Express
C:\Program Files\Viewpoint
C:\Program Files\Virtools Web Player 3.0
C:\Program Files\Volo View Express
C:\Program Files\vso
C:\Program Files\Winamp
C:\Program Files\Winamp3
C:\Program Files\Windows Live
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinZip
C:\Program Files\xerox
C:\Program Files\Yahoo!

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------


----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 21:54:20
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport à 21:57:55,89 ]----------------------
21 October 2007 22:13:29

Do you know AskTBar?
21 October 2007 22:14:23

No, but if it can help ...
21 October 2007 22:16:38

Uninstall that program.
21 October 2007 22:24:48

Uninstalled and PC rebooted.

The problem persists.
21 October 2007 22:27:19

Post a new HijackThis log.
21 October 2007 22:29:16

Please


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:31, on 21/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2698C61C-7378-4B68-A504-F723627F9344} - C:\WINDOWS\System32\CTSBLF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8325 bytes
21 October 2007 22:30:50

Do you have this problem on every site?
21 October 2007 22:38:17

No, not systematically, but after a few searches it falls back onto it (with variants, now it's searchdig.com) and won't go away.

In short, a nasty one.
21 October 2007 23:02:08

I'll pick this up again tomorrow. If in the meantime you have any inspiration ...

Thanks again
22 October 2007 18:03:17

I'd like to check something:

Print these instructions if necessary, because the computer is going to restart.

Download FixWareout (by LonnyRJones) to the Desktop.
**If the link doesn't work, click here**

Run the fix (FixWareout.exe), click Next then Install.
Make sure Run fixit is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, that's normal.

Finally, post the contents of the report C:\fixwareout\report.txt along with a new HijackThis log.
22 October 2007 23:03:37

Here are the two logs


Username "MASTER" - 22/10/2007 22:53:44 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B35CDAAB-628F-4786-8FDD-BCDD26A4CD66}
"DhcpNameServer"="85.255.115.236,85.255.112.186" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "hpdsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "ccjsc" Value deleted
HKCR\CLSID\{1F5E5E5E-4B14-4FED-825C-E6A5D4BF82CE}\_h\4 Deleted.
HKCR\CLSID\{E08069A0-E3E3-41B6-96B7-F77A1C1BCFB0}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCOLOREAL"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"CAPON"="C:\\WINDOWS\\System32\\Spool\\Drivers\\w32x86\\3\\CAPONN.EXE"
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust PestPatrol\\PPActiveDetection.exe\""
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"CaISSDT"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Belgacom"="\"C:\\Program Files\\Belgacom\\bin\\sprtcmd.exe\" /P Belgacom"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:42, on 22/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2698C61C-7378-4B68-A504-F723627F9344} - C:\WINDOWS\System32\CTSBLF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8364 bytes
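The FixWareout report above records a DhcpNameServer value on the network interface that pointed at two resolvers the tool then cleared; a resolver setting that does not belong to the user's own network is exactly what keeps sending searches somewhere else, and it is worth re-checking after cleanup. As an added example (not from the thread, from FixWareout or from any of the tools mentioned), this Python script parses report lines in that format and flags every resolver that is not in an expected set; the sample report is constructed from the lines visible in the thread and the expected resolver addresses are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample, modelled on the "Prerun check" block of the FixWareout
# report posted in this thread (the GUID and the two resolver addresses are
# the ones visible in that report).
SAMPLE_REPORT = r"""
~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B35CDAAB-628F-4786-8FDD-BCDD26A4CD66}
"DhcpNameServer"="85.255.115.236,85.255.112.186" <Value cleared.

Successfully flushed the DNS Resolver Cache.
"""

# Resolvers this machine is expected to use: constructed placeholders from the
# RFC 5737 documentation range. Replace them with the ISP's or the
# organisation's real DNS server addresses before running this on a real report.
EXPECTED_RESOLVERS = frozenset({"192.0.2.53", "192.0.2.54"})

# Per-interface TCP/IP parameters key, as printed by FixWareout.
INTERFACE_KEY_RE = re.compile(
    r"\\services\\tcpip\\parameters\\interfaces\\(\{[0-9A-Fa-f-]+\})\s*$",
    re.IGNORECASE,
)
# NameServer holds the statically configured resolvers, DhcpNameServer the
# ones learned from DHCP; the resolver honours both, so both are checked.
RESOLVER_VALUE_RE = re.compile(r'^"(NameServer|DhcpNameServer)"="([^"]*)"(.*)$')


def parse_resolver_entries(report_text):
    """Return one dict per resolver value found under an interface key.

    Keys: interface (GUID string), value (NameServer or DhcpNameServer),
    servers (list of address strings), cleared (True if the tool removed it).
    """
    entries = []
    current_interface = None
    for raw in report_text.splitlines():
        line = raw.strip()
        key_match = INTERFACE_KEY_RE.search(line)
        if key_match:
            current_interface = key_match.group(1)
            continue
        value_match = RESOLVER_VALUE_RE.match(line)
        if value_match and current_interface:
            # Windows separates several resolvers with commas or spaces.
            servers = [s for s in re.split(r"[,\s]+", value_match.group(2)) if s]
            entries.append({
                "interface": current_interface,
                "value": value_match.group(1),
                "servers": servers,
                "cleared": "value cleared" in value_match.group(3).lower(),
            })
    return entries


def find_unexpected_resolvers(entries, expected=EXPECTED_RESOLVERS):
    """Flag every resolver address that is not in the expected set.

    Returns a list of (interface, value name, address, reason) tuples.
    """
    findings = []
    for entry in entries:
        for address in entry["servers"]:
            try:
                ip = ipaddress.ip_address(address)
            except ValueError:
                findings.append((entry["interface"], entry["value"], address,
                                 "not a valid IP address"))
                continue
            if str(ip) not in expected:
                findings.append((entry["interface"], entry["value"], address,
                                 "not in the expected resolver set"))
    return findings


if __name__ == "__main__":
    found = parse_resolver_entries(SAMPLE_REPORT)
    for guid, value, address, reason in find_unexpected_resolvers(found):
        print(f"{guid} {value}: {address} ({reason})")
```

DhcpNameServer is the list the machine received from its DHCP server, so if the same addresses come back after cleaning, the router or DHCP server deserves the same check as the PC.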



23 October 2007 12:08:23

Better?
24 October 2007 23:39:33

No, sorry

For example, I search for the word "chien" on Google and this is where I end up (see below)

In short, firmly hooked

Are there any other leads?
Thanks in advance



---edited by Angeldark---
25 October 2007 09:41:25

ok.

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

27 October 2007 12:16:47

Here it is


    ComboFix 07-10-26.4 - MASTER 2007-10-27 12:10:36.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.116 [GMT 2:00]
    Running from: D:\Storages PC\MLTMD\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\MASTER\Application Data\DriveCleaner 2006 Free
    C:\Documents and Settings\MASTER\Application Data\DriveCleaner 2006 Free\Logs\update.log
    C:\Documents and Settings\MASTER\err.log
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\system32\ctsblf.dll
    C:\WINDOWS\system32\drivers\auwmtbvj.dat
    C:\WINDOWS\system32\drivers\rlielmbo.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_ZNGHISEK
    -------\znghisek


    ((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
    .

    2007-10-27 12:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-21 20:26 3,953 --a------ C:\WINDOWS\system32\gnc.exe
    2007-10-21 20:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-21 19:11 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-21 17:18 <DIR> d-------- C:\Program Files\Navilog1
    2007-10-14 17:54 205,140 --a------ C:\WINDOWS\xobglu32.dll
    2007-10-14 17:54 63,488 --a------ C:\WINDOWS\xobglu16.dll
    2007-09-29 14:35 59,392 --a------ C:\WINDOWS\system32\cdosy.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-22 21:09 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-08 12:28 --------- d-----w C:\Program Files\Reject False Icons
    2007-01-31 21:03 61,824 -c--a-w C:\Documents and Settings\MASTER\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-25 21:51 11,693,024 -c--a-w C:\Program Files\GoogleEarthSetup.exe
    2003-05-17 21:04 810 -c--a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 13:40]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-11-18 15:15]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 12:35]
    "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01]
    "CAPON"="C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-21 01:00]
    "eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2005-11-07 11:47]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
    "CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-29 15:42]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-07-26 23:57]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-20 22:26]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 10:34]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-18 20:49]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:41]
    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2003-11-01 20:19]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-09-22 22:13:53]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    Fenêtre d'état Canon LBP-800.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2003-03-04 00:51:47]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-18 19:45:14]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spontania Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spontania Monitor.lnk
    backup=C:\WINDOWS\pss\Spontania Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MASTER^Start Menu^Programs^Startup^ADILOOK Français sur disque C.LNK]
    path=C:\Documents and Settings\MASTER\Start Menu\Programs\Startup\ADILOOK Français sur disque C.LNK
    backup=C:\WINDOWS\pss\ADILOOK Français sur disque C.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys
    R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido\security suite\guard.sys
    R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
    R1 UDFReadr;UDFReadr;C:\WINDOWS\System32\drivers\UDFReadr.sys
    R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
    R2 RapidPort;RapidPort;\??\C:\WINDOWS\System32\Drivers\CAPLPTN.SYS
    R2 ScFBPNT;CanoScan FBP Port Driver;\??\C:\WINDOWS\System32\drivers\ScFBPNT.SYS
    R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
    S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\System32\DRIVERS\atmlane.sys
    S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\System32\DRIVERS\atmlane.sys

    *Newly Created Service* - NMSCFG
    .
    Contents of the 'Scheduled Tasks' folder
    "2003-02-20 07:12:55 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-27 12:19:49
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-27 12:21:28 - machine was rebooted
    .
    --- E O F ---

27 October 2007 12:24:58

And now?
27 October 2007 15:05:58

Solved, :-)

Really, thank you all, and until next time
27 October 2007 15:43:07

Post a new HijackThis log.