le_yeti

Malheureusement non - Je cherche une astuce SOFT only. Comment faire croire à xp qu'il a un lpt1:, alors qu'il n'en a pas ? Comment router l'usb0 sur ce pseudo-lpt1: ? Coté câbles, j'en profite pour recommander un de mes fournisseurs : www.lindy.com Pas cher du tout, et super qualité. Merci quand même, Qui d'autre a une idée géniale ? Moi, je sêche ! Le Yéti

Bonjour à tous ! - Soit un portable récent qui ne possède pas de port parallèle, mais uniquement de l'usb. - Soit une imprimante avec la même caractéristique. - Soit un programme qui ne sait appeler QUE lpt1: Comment faire pour que le prog imprime sur l'imprimante ? Détails environnementaux : - OS : Win XP sp2 - Prog : Vieux truc génial et pas modifiable tournant à l'origine sous ms-dos Avec mes voeux les plus binaires pour cette nouvelle année, Le Yéti.

Bonsoir, Je pense avoir un problème similaire (peut-être qu'en confrontant nos expériences...) : - Une douzaine de répertoires partagés sur un serveur distant - Une cinquantaine d'utilisateurs qui y accèdent de façons différentes S'ils passent par les "favoris réseau", gros ramage pour l'affichage du rep, ou pour passage d'un rep à l'autre. S'ils passent par un mappage, ou un accès direct via une petite interface html (file://nom_de_serveur/rep/) temps de réponse nickel. J'aurai tendance à mettre en cause le mécanisme de favoris réseau, mais ignorant son fonctionnement interne, je me gratte la tête... Un passage multiple par le loopback, ou une c..rie dans le genre ?... Idée géniale welcome !

Merci de répondre aussi vite - Ca me fait une économie de cheveux sur la tête ) pc1 = 192.9.210.1 sur eth0, et @ip dynamique via gprs. C'est le routeur, grâce à winroute lite. pc2 = 192.9.210.2 - uniquement ethernet, default gateway définie en 192.9.210.1 pc3=192.9.210.3 - idem netmask pour tous=255.255.255.0

Bonjour à tous, et merci pour le tuto, qui m'a permis de passer de Tiny personal firewall v2 (free) vers Jetico. La connection directe de Firefox, défini en catégorie web browser, fonctionne au poil, bien que je note un ralentissement sensible du trafic. Normal : l'analyse à un prix. Question : Losque je tente de passer par winroute lite, je me retrouve avec : 20/08/2006 15:21:00.421 reject Block All not Processed IP Packets 48 TCP outgoing packet 80.10.21.245 217.12.2.76 45008 80 TTL: 128; TOS: 0; ID: A4D1; TCP flags: SYN ; TCP Seq: CB2B1D67 J'ai tenté de placer le process winroute dans diverses catégories d'acceptations, mais rien n'y fait. Quelle est la bonne façon pour router proprement avec Jetico ? Avant qu'on ne me pose la question, le besoin de routage correspond à un chtit réseau local (ethernet) de trois bécanes à la maison. Merci !

Un grand MERCI.

Et hop : (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log ))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\SYSTEM32\GEBYY.DLL C:\WINDOWS\SYSTEM32\YYBEG.INI * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 12:46:03,82 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-17 12:31:10 12308 ( A.... ) "C:\WINDOWS\system32\ghujogkw.exe" 2006-08-17 12:31:02 12820 ( A.... ) "C:\WINDOWS\system32\htfuyuus.exe" 2006-08-16 14:37:24 40973 ( ..SH. ) "C:\WINDOWS\system32\urqpmmj.dll" 2006-08-16 13:19:58 ( .D... ) "C:\Program Files\Webroot" 2006-08-16 13:19:58 ( .D... ) "C:\Documents and Settings\MOI\Application Data\Webroot" 2006-08-09 14:40:30 ( AD... ) "C:\Program Files\Fichiers communs" 2006-08-09 14:40:30 ( .D... ) "C:\Program Files\Fichiers communs\{645FD271-0AE9-1036-0710-030313200021}" 2006-08-09 14:40:20 40973 ( ..SH. ) "C:\WINDOWS\system32\vtuuuvv.dll" 2006-08-09 14:15:48 ( .D.H. ) "C:\Program Files\InstallShield Installation Information" 2006-08-09 14:15:06 ( .D... ) "C:\Documents and Settings\MOI\Application Data\Apple Computer" 2006-08-09 14:12:12 ( .D... ) "C:\Program Files\iPod" 2006-08-09 13:30:08 83 ( ..SH. ) "C:\Documents and Settings\MOI\Application Data\.zreglib" 2006-08-08 13:52:58 ( .D... ) "C:\Program Files\Personal Communications" 2006-07-07 16:54:10 252928 ( A.... ) "C:\WINDOWS\WRUninstall.dll" 2006-07-07 16:53:54 208896 ( A.... ) "C:\WINDOWS\system32\WRLogonNtf.dll" 2006-07-07 16:53:52 8704 ( A.... ) "C:\WINDOWS\system32\ssiefr.EXE" 2006-07-07 16:53:50 20992 ( A.... ) "C:\WINDOWS\system32\wrlzma.dll" 2006-05-22 15:02:50 8 ( A.... ) "C:\Documents and Settings\MOI\Application Data\NMM-MetaData.db" 2005-01-24 13:55:04 22115 ( ...H. ) "C:\Program Files\folder.htt" 2005-01-24 13:55:04 271 ( ...H. ) "C:\Program Files\desktop.ini" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-08-17 12:31 12ÿ820 C:\WINDOWS\system32\htfuyuus.exe 2006-08-17 12:31 12ÿ308 C:\WINDOWS\system32\ghujogkw.exe 2006-08-16 14:37 40ÿ973 C:\WINDOWS\system32\urqpmmj.dll 2006-08-16 13:20 208ÿ896 C:\WINDOWS\system32\WRLogonNtf.dll 2006-08-16 13:19 8ÿ704 C:\WINDOWS\system32\ssiefr.EXE 2006-08-16 13:19 684ÿ032 C:\WINDOWS\libeay32.dll 2006-08-16 13:19 252ÿ928 C:\WINDOWS\WRUninstall.dll 2006-08-16 13:19 20ÿ992 C:\WINDOWS\system32\wrlzma.dll 2006-08-16 13:19 155ÿ648 C:\WINDOWS\ssleay32.dll 2006-08-09 14:40 40ÿ973 C:\WINDOWS\system32\vtuuuvv.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Synchronization Manager"="\"mobsync.exe\" /logon" "vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe" "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "WinampAgent"="\"C:\\Other Program Files\\Winamp\\Winampa.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\"" "PFTLAsyncLogon"="\"C:\\appli\\statpath\\tool_hideexec.exe\" exec C:\\appli\\statpath\\sson_ginaevt.exe asynchrone" "PCSuiteTrayApplication"="\"C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE\" -startup" "iTunesHelper"="\"C:\\Other Program Files\\Itunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Other Program Files\\QuickTime\\qttask.exe\" -atboottime" "!ewido"="\"C:\\Other Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Copernic Desktop Search"="\"C:\\Other Program Files\\Copernic Desktop Search\\CopernicDesktopSearch.exe\" /tray" "PcSync"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" /NoDialog" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "{645FD271-0AE9-1036-0710-030313200021}"="\"C:\\Program Files\\Fichiers communs\\{645FD271-0AE9-1036-0710-030313200021}\\Update.exe\" mc-110-12-0000272" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000003 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableRegistryTools REG_DWORD 0 (0x0) HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService Contents of the 'Scheduled Tasks' folder Completion time: jeu. 17/08/2006 12:46:31,15 ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt ============================================================== Logfile of HijackThis v1.99.1 Scan saved at 12:55:31, on 17/08/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe c:\windows\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\trcboot.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Other Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\tcpsvcs.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\appli\statpath\MIDW_SERVER.EXE C:\Other Program Files\Tiny Personal Firewall\persfw.exe C:\TOOLS\RCMDSVC.EXE C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\R_server.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\MSTask.exe C:\Program Files\HISClient\system\snabase.exe C:\Program Files\HISClient\system\snarpcsv.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\CCM\CcmExec.exe C:\appli\statpath\ELITE.EXE C:\WINDOWS\Explorer.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\msiexec.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\WINDOWS\system32\svchost.exe C:\Other Program Files\Itunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Other Program Files\pgp\PGPTray.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Fichiers communs\System\Mapi\1036\NT\MAPISP32.EXE C:\WINDOWS\system32\cidaemon.exe C:\Other Program Files\FireFox\firefox.exe D:\trash\Download\Dératisation\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Client Principal R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RBLK_RoboX Screen Class - {22389F3A-A44B-4DDE-9FE5-D7A08BA981E1} - C:\appli\statpath\rblk_robox.dll O2 - BHO: (no name) - {66D62293-9467-413B-81D6-7095685D6392} - C:\WINDOWS\system32\gebyy.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O2 - BHO: WLIB_IESpy.IESpyBHO Class - {E0C056A1-3024-4BD8-8FA2-429C562ADCAB} - C:\appli\statpath\wlib_iespy.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O4 - HKLM\..\Run: [synchronization Manager] "mobsync.exe" /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Other Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [PFTLAsyncLogon] "C:\appli\statpath\tool_hideexec.exe" exec C:\appli\statpath\sson_ginaevt.exe asynchrone O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Other Program Files\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Other Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: PGPtray.lnk = C:\Other Program Files\pgp\PGPTray.exe O4 - Startup: Raccourci vers D.cmd.lnk = C:\d.cmd O4 - Startup: Raccourci vers DE.cmd.lnk = scripts\DE.cmd O4 - Startup: Raccourci vers trans.exe.lnk = C:\Other Program Files\transparent\trans.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Other Program Files\InternetMacros\imacros.dll (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O14 - IERESET.INF: START_PAGE_URL=about:blank O15 - Trusted Zone: http://www.amaena.com O15 - Trusted Zone: http://*.systemdoctor.com O15 - Trusted Zone: http://www.winantivirus.com O15 - Trusted Zone: http://www.winantiviruspro.com O15 - Trusted Zone: http://download.cdn.winsoftware.com {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0300f0e30e6c44...RdxIE601_fr.cab O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll (file missing) O20 - Winlogon Notify: HARD_IDBANCLI - HARD_IDBANCLI.DLL (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: SSON_TRAYSRV - SSON_TRAYSRV.DLL (file missing) O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Other Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Other Program Files\Tiny Personal Firewall\persfw.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_server.exe" /service (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Pfou ! Féroce la bestiole ! Suivi la procédure - Petits doutes vers la fin : après killbox, reboot en mode safe ou normal ?... Fallait il bien dire à SpySweeper de flinguer les cochonneries après la première confirmation ?... Log spysweeper : 14:35: Removal process completed. Elapsed time 00:00:13 14:35: Quarantining All Traces: weborama cookie 14:34: Quarantining All Traces: trojan agent winlogonhook 14:34: Removal process initiated 14:18: Traces Found: 2 14:18: Full Sweep has completed. Elapsed time 00:33:34 14:18: File Sweep Complete, Elapsed Time: 00:32:48 14:09: Warning: Stream read error 14:07: Warning: Stream read error 14:04: Warning: Stream read error 13:54: Warning: Failed to access drive Z: 13:45: Starting File Sweep 13:45: Warning: Failed to access drive A: 13:45: Cookie Sweep Complete, Elapsed Time: 00:00:00 13:45: moi@weborama[2].txt (ID = 3658) 13:45: Found Spy Cookie: weborama cookie 13:45: Starting Cookie Sweep 13:45: Registry Sweep Complete, Elapsed Time:00:00:09 13:45: HKLM\software\microsoft\mssmgr\ (ID = 937101) 13:45: Found Trojan Horse: trojan agent winlogonhook 13:45: Starting Registry Sweep 13:45: Memory Sweep Complete, Elapsed Time: 00:00:29 13:44: Starting Memory Sweep 13:44: Sweep initiated using definitions version 691 13:44: Spy Sweeper 5.0.5.1286 started 13:44: | Start of Session, mercredi 16 août 2006 | ******** 13:44: | End of Session, mercredi 16 août 2006 | 13:44: Program Version 5.0.5.1286 Using Spyware Definitions 691 13:28: Messenger service has been disabled. Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 13:27: Shield States 13:27: Spyware Definitions: 691 13:27: Spy Sweeper 5.0.5.1286 started 13:27: Spy Sweeper 5.0.5.1286 started 13:27: | Start of Session, mercredi 16 août 2006 | ******** Toujours est-il qu'au reboot suivant, je me suis retrouvé avec deux nouvelles alertes ewido : trojan.dialer.u trojan.starter.65 PLUS une alerte NAV : virus downloader sur fichier windows/system32/3f636138.exe ----- J'ai donc relancé toute la procédure deux fois, en m'assurant que les rapports étaient clean à chaque fois. J'ai lancé en plus NAV, et là... bizarre tendance louche : SpySeeper m'annonce que nav (rtvscan) tente de tripoter le fichier hosts. J'autorise, je vais voir, et je trouve une ligne ajoutée sur une adresse ip, et des hostnames trucs.mac.com Je flingue la ligne. Petit tour dans la base de registre... Je trouve deux RUN sur le 3f636138.exe dans windows/system32 et local settings ! Je flingue. J'y trouve également un forcage de configuration de session windows, qui me bloquait pour prendre la main sur ma bécane après login... Je flingue ! Nouveau reboot - Nouvelle inspection - ras. Mais avec toutes ces cochonneries qui s'auto-procrées... Suis-je bien clean ?... Voici la log du scanner : Logfile of HijackThis v1.99.1 Scan saved at 16:41:07, on 16/08/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\trcboot.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Other Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\tcpsvcs.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\appli\statpath\MIDW_SERVER.EXE C:\Other Program Files\Tiny Personal Firewall\persfw.exe C:\TOOLS\RCMDSVC.EXE C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\R_server.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\MSTask.exe C:\Program Files\HISClient\system\snabase.exe C:\Program Files\HISClient\system\snarpcsv.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\stisvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\WINDOWS\system32\svchost.exe C:\Other Program Files\Itunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Other Program Files\pgp\PGPTray.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Fichiers communs\System\Mapi\1036\NT\MAPISP32.EXE C:\Other Program Files\FireFox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.exe D:\trash\Download\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Client Principal R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RBLK_RoboX Screen Class - {22389F3A-A44B-4DDE-9FE5-D7A08BA981E1} - C:\appli\statpath\rblk_robox.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O2 - BHO: WLIB_IESpy.IESpyBHO Class - {E0C056A1-3024-4BD8-8FA2-429C562ADCAB} - C:\appli\statpath\wlib_iespy.dll O2 - BHO: (no name) - {ED96D09C-9CB0-4438-9B04-E34C6B8D7DF9} - C:\WINDOWS\system32\gebyy.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Other Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [PFTLAsyncLogon] "C:\appli\statpath\tool_hideexec.exe" exec C:\appli\statpath\sson_ginaevt.exe asynchrone O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Other Program Files\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Other Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: PGPtray.lnk = C:\Other Program Files\pgp\PGPTray.exe O4 - Startup: Raccourci vers D.cmd.lnk = C:\d.cmd O4 - Startup: Raccourci vers DE.cmd.lnk = scripts\DE.cmd O4 - Startup: Raccourci vers trans.exe.lnk = C:\Other Program Files\transparent\trans.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Other Program Files\InternetMacros\imacros.dll (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0300f0e30e6c44...RdxIE601_fr.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll O20 - Winlogon Notify: HARD_IDBANCLI - HARD_IDBANCLI.DLL (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: SSON_TRAYSRV - SSON_TRAYSRV.DLL (file missing) O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Other Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Other Program Files\Tiny Personal Firewall\persfw.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_server.exe" /service (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Voili-voilou... Logfile of HijackThis v1.99.1 Scan saved at 15:55:03, on 11/08/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\trcboot.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Other Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\tcpsvcs.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\appli\statpath\MIDW_SERVER.EXE C:\Other Program Files\Tiny Personal Firewall\persfw.exe C:\TOOLS\RCMDSVC.EXE C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\R_server.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\MSTask.exe C:\Program Files\HISClient\system\snabase.exe C:\Program Files\HISClient\system\snarpcsv.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\CCM\CcmExec.exe C:\appli\statpath\EIDCOM.EXE C:\appli\statpath\ELITE.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Other Program Files\Itunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Fichiers communs\{645FD271-0AE9-1036-0710-030313200021}\Update.exe C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Other Program Files\pgp\PGPTray.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Fichiers communs\System\Mapi\1036\NT\MAPISP32.EXE C:\WINDOWS\system32\cidaemon.exe C:\Other Program Files\FireFox\firefox.exe C:\Other Program Files\Winamp\Winamp.exe C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE D:\trash\Download\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Client Principal R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RBLK_RoboX Screen Class - {22389F3A-A44B-4DDE-9FE5-D7A08BA981E1} - C:\appli\statpath\rblk_robox.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: WLIB_IESpy.IESpyBHO Class - {E0C056A1-3024-4BD8-8FA2-429C562ADCAB} - C:\appli\statpath\wlib_iespy.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [WPLOGON] c:\tools\wpkit.exe -titre "Parametrage du poste" -message "Veuillez patienter pendant la configuration de votre profil ..." c:\tools\wplogon.cmd -test "c:\documents and settings\%username%\Application Data\WP\1stlogon.tag" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Other Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PFTLAsyncLogon] C:\appli\statpath\tool_hideexec.exe exec C:\appli\statpath\sson_ginaevt.exe asynchrone O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Other Program Files\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Other Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: PGPtray.lnk = C:\Other Program Files\pgp\PGPTray.exe O4 - Startup: Raccourci vers D.cmd.lnk = C:\d.cmd O4 - Startup: Raccourci vers DE.cmd.lnk = scripts\DE.cmd O4 - Startup: Raccourci vers trans.exe.lnk = C:\Other Program Files\transparent\trans.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Other Program Files\InternetMacros\imacros.dll (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0300f0e30e6c44...RdxIE601_fr.cab O20 - Winlogon Notify: HARD_IDBANCLI - HARD_IDBANCLI.DLL (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: SSON_TRAYSRV - SSON_TRAYSRV.DLL (file missing) O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Other Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Other Program Files\Tiny Personal Firewall\persfw.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_server.exe" /service (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe

Bonjour à tous, Infections détectées par ewido : dropper.small.art & dialer.agent.z sur pc en windows 2000 Détectés uniquement par fenetre d'alerte ewido lorsque les bestioles se réveillent. (ras sur le scan complet) Présence à ce moment dans windows\temp de diverses cochonneries.tmp.exe Tenté démarrage sans échec et lancement ewido + ccsetup + vundofix + smitfraudfix La Bêêête est toujours vivante ! Voici un chtit coup de HiJackThis - Un grand merci d'avance pour le coup de main (nb : la présence de r_server est ok) Logfile of HijackThis v1.99.1 Scan saved at 18:35:21, on 10/08/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\trcboot.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Other Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\tcpsvcs.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\appli\statpath\MIDW_SERVER.EXE C:\Other Program Files\Tiny Personal Firewall\persfw.exe C:\TOOLS\RCMDSVC.EXE C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\R_server.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\MSTask.exe C:\Program Files\HISClient\system\snabase.exe C:\Program Files\HISClient\system\snarpcsv.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\system32\CCM\CcmExec.exe C:\appli\statpath\EIDCOM.EXE C:\appli\statpath\ELITE.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\appli\statpath\MIDW_SERVER.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Other Program Files\Itunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\Program Files\Fichiers communs\{645FD271-0AE9-1036-0710-030313200021}\Update.exe C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Other Program Files\pgp\PGPTray.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Fichiers communs\System\Mapi\1036\NT\MAPISP32.EXE C:\Other Program Files\FireFox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\svchost.exe D:\trash\Download\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Client Principal R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RBLK_RoboX Screen Class - {22389F3A-A44B-4DDE-9FE5-D7A08BA981E1} - C:\appli\statpath\rblk_robox.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: WLIB_IESpy.IESpyBHO Class - {E0C056A1-3024-4BD8-8FA2-429C562ADCAB} - C:\appli\statpath\wlib_iespy.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [WPLOGON] c:\tools\wpkit.exe -titre "Parametrage du poste" -message "Veuillez patienter pendant la configuration de votre profil ..." c:\tools\wplogon.cmd -test "c:\documents and settings\%username%\Application Data\WP\1stlogon.tag" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Other Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PFTLAsyncLogon] C:\appli\statpath\tool_hideexec.exe exec C:\appli\statpath\sson_ginaevt.exe asynchrone O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Other Program Files\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Other Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Other Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Other Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: PGPtray.lnk = C:\Other Program Files\pgp\PGPTray.exe O4 - Startup: Raccourci vers D.cmd.lnk = C:\d.cmd O4 - Startup: Raccourci vers DE.cmd.lnk = scripts\DE.cmd O4 - Startup: Raccourci vers trans.exe.lnk = C:\Other Program Files\transparent\trans.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Other Program Files\InternetMacros\imacros.dll (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O14 - IERESET.INF: START_PAGE_URL=about:blank ... O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0300f0e30e6c44...RdxIE601_fr.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = O20 - Winlogon Notify: HARD_IDBANCLI - HARD_IDBANCLI.DLL (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: SSON_TRAYSRV - SSON_TRAYSRV.DLL (file missing) O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe ... O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Other Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Other Program Files\Tiny Personal Firewall\persfw.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_server.exe" /service (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe