Aller au contenu

ricky40

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    5

  • Inscription

  • Dernière visite

À propos de ricky40

  • Date de naissance 20/03/1976

Profile Information

  • Sexe
    Male

Autres informations

  • Mes langues
    Espagnol et Anglais

ricky40's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. ricky40
    Salut, Non, je ne reçois plus de pub intempestives depuis mes petites bidouilles, voici le log DSS : Deckard's System Scanner v20071014.68 Run by Ricky on 2008-06-18 01:32:10 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Ricky.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:32:17, on 18/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\CAPRPCSK.EXE C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\Documents and Settings\Ricky\Bureau\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Ricky.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/cla7/support/pl...s/ebraryRdr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213279282531 O17 - HKLM\System\CCS\Services\Tcpip\..\{95645FD5-C60C-4B46-A451-20F0F6432077}: NameServer = 212.27.54.252,212.27.53.252 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 8345 bytes -- Files created between 2008-05-18 and 2008-06-18 ----------------------------- 2008-06-15 23:20:23 0 dr-h----- C:\Documents and Settings\Ricky\Recent 2008-06-12 18:06:07 0 d-------- C:\Program Files\MSXML 4.0 2008-06-12 01:47:51 0 d-------- C:\Program Files\Trend Micro 2008-06-11 22:58:43 0 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-06-11 22:58:43 0 d---s---- C:\Documents and Settings\Administrateur\Cookies 2008-06-11 22:58:43 0 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-06-11 22:58:43 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data 2008-06-11 22:58:43 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-06-11 22:58:42 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Recent 2008-06-11 22:58:42 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-06-11 22:58:42 0 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-06-11 22:58:42 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings 2008-06-11 20:29:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-06-11 20:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-03 11:44:12 162304 --a------ C:\UNWISE.EXE 2008-05-26 17:55:42 0 d-------- C:\Program Files\e-Carte Bleue LCL -- Find3M Report --------------------------------------------------------------- 2008-06-18 01:31:57 0 d-------- C:\Documents and Settings\Ricky\Application Data\uTorrent 2008-06-18 01:31:31 0 d-------- C:\Program Files\RemotelyAnywhere 2008-06-17 23:24:16 0 d-------- C:\Documents and Settings\Ricky\Application Data\foobar2000 2008-06-16 16:31:28 1235 --a------ C:\Documents and Settings\Ricky\Application Data\SAS7_000.DAT 2008-06-15 22:46:22 0 d-------- C:\Program Files\eMule 2008-06-15 18:12:33 0 d-------- C:\Documents and Settings\Ricky\Application Data\Canon 2008-06-14 10:07:10 0 d-------- C:\Documents and Settings\Ricky\Application Data\Vso 2008-06-12 18:08:48 436074 --a----c- C:\WINDOWS\system32\perfh040.dat 2008-06-12 18:08:48 475024 --a----c- C:\WINDOWS\system32\perfh00C.dat 2008-06-12 18:08:48 59364 --a----c- C:\WINDOWS\system32\perfc040.dat 2008-06-12 18:08:48 77522 --a----c- C:\WINDOWS\system32\perfc00C.dat 2008-06-11 18:16:14 0 d-------- C:\Program Files\StatTransfer8 2008-06-11 18:16:14 0 d-------- C:\Program Files\MathType 2008-06-03 12:18:03 34 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.log 2008-06-03 12:18:00 94208 --a----c- C:\Documents and Settings\Ricky\Application Data\ezplay.sys <Not Verified; VSO Software; ezplay driver> 2008-06-03 12:18:00 125 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.ini 2008-06-03 12:18:00 1103 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.inf 2008-06-03 12:18:00 7861 --a----c- C:\Documents and Settings\Ricky\Application Data\ezplay.cat 2008-06-03 12:17:59 34 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.log 2008-06-03 12:17:55 47360 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-06-03 12:17:55 1144 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.inf 2008-06-03 12:17:55 7887 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.cat 2008-06-03 12:17:52 0 d-------- C:\Program Files\VSO 2008-06-03 12:09:49 33 --a----c- C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.log 2008-06-03 12:09:48 1104 --a----c- C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.inf 2008-06-03 00:19:21 0 d-------- C:\Program Files\foobar2000 2008-05-27 13:55:51 0 d-------- C:\Program Files\mIRC 2008-05-27 13:46:24 20872 --ah---c- C:\WINDOWS\system32\mlfcache.dat 2008-05-26 17:55:41 0 d--h----- C:\Program Files\InstallShield Installation Information -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/04/2004 05:02] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [06/06/2005 19:05] "nwiz"="nwiz.exe" [02/04/2004 05:02 C:\WINDOWS\system32\nwiz.exe] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/06/2004 10:51] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/06/2004 10:50] "Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [03/02/2006 10:23] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [29/04/2003 15:48] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:09] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Ashampoo Magical Defrag.lnk - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [05/04/2007 14:29:52] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit] RAinit.dll 10/07/2006 12:59 11520 C:\WINDOWS\system32\RAinit.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "OpAgent"="C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CAPON"=C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE "nwiz"=nwiz.exe /install "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "Logitech Utility"=Logi_MwX.Exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e504e30c-d4a1-11db-a5d5-00030d1274c4}] AutoRun\command- Setup\rsrc\autorun.exe dinstall\command- G:\Directx\dxsetup.exe -- End of Deckard's System Scanner: finished at 2008-06-18 01:32:38 ------------ Voila, @ +
  2. ricky40
    Bonjour, C'est bizarre, il me semblait avoir supprimmé ce C:\WINDOWS\system32\aGOWDcfe.ini2, enfin bref je viens de le faire ainsi que pour C:\WINDOWS\system32\unsvchosts.exe. Voici le contenu de C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.inf : [Version] Signature="$Windows 95$" Provider=VSO Software Class=VSO devices ClassGUID={FF646F80-8DEF-11D2-9449-00105A075F6B} CatalogFile.nt=ezplay.cat DriverVer=12/05/2006, 1.37.0.0 [sourceDisksNames] 1 = "ezplay Disk",Disk1,, [sourceDisksFiles] ezplay.sys = 1,, [ClassInstall32] Addreg=Class_AddReg [Class_AddReg] HKR,,,,VSO devices HKR,,Icon,,"0" ; Computer icon [DestinationDirs] ezplay_Files_Driver = 10,System32\Drivers [Manufacturer] VSO Software=Mfg0,nt VSO Software=Mfg0 [Mfg0.nt] ezplay device for 32 bits systems=ezplay_DDI, *ezplay [Mfg0] ezplay device for 32 bits systems=ezplay_DDI, *ezplay [ezplay_DDI.NT] CopyFiles=ezplay_Files_Driver [ezplay_DDI.NT.Services] Addservice = ezplay, 0x00000002, ezplay_AddService [ezplay_AddService] DisplayName = VSO Software ezplay ServiceType = 1 ; SERVICE_KERNEL_DRIVER StartType = 3 ; SERVICE_DEMAND_START ErrorControl = 1 ; SERVICE_ERROR_NORMAL ServiceBinary = %10%\System32\Drivers\ezplay.sys [ezplay_Files_Driver] ezplay.sys C'est apparemment lié au logiciel Ez-play qui s'installe avec Blindwrite. Encore merci pour ton aide, @ plus tard.
  3. ricky40
    Re-bonjour, J'ai bien fais les trois étapes indiquées, voici les rapports : Rapport Kapersky : -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, June 13, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, June 13, 2008 10:43:33 Records in database: 859435 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ H:\ Scan statistics: Files scanned: 69058 Threat name: 3 Infected objects: 6 Suspicious objects: 0 Duration of the scan: 05:28:05 File name / Threat name / Threats count winlogon.exe\RAinit.dll/winlogon.exe\RAinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1 C:\WINDOWS\system32\RAinit.dll/C:\WINDOWS\system32\RAinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1 C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1 C:\Program Files\RemotelyAnywhere\rainit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1 C:\WINDOWS\system32\RAinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1 C:\WINDOWS\system32\unsvchosts.exe Infected: not-a-virus:RiskTool.Win32.Starter.a 1 The selected area was scanned. Rapport DSS : Deckard's System Scanner v20071014.68 Run by Ricky on 2008-06-13 21:04:20 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Ricky.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:04:23, on 13/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\CAPRPCSK.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Ricky\Bureau\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Ricky.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/cla7/support/pl...s/ebraryRdr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213279282531 O17 - HKLM\System\CCS\Services\Tcpip\..\{95645FD5-C60C-4B46-A451-20F0F6432077}: NameServer = 212.27.54.252,212.27.53.252 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 8089 bytes -- Files created between 2008-05-13 and 2008-06-13 ----------------------------- 2008-06-12 19:47:28 0 dr-h----- C:\Documents and Settings\Ricky\Recent 2008-06-12 18:06:07 0 d-------- C:\Program Files\MSXML 4.0 2008-06-12 01:47:51 0 d-------- C:\Program Files\Trend Micro 2008-06-11 22:58:43 0 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-06-11 22:58:43 0 d---s---- C:\Documents and Settings\Administrateur\Cookies 2008-06-11 22:58:43 0 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-06-11 22:58:43 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data 2008-06-11 22:58:43 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-06-11 22:58:42 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Recent 2008-06-11 22:58:42 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-06-11 22:58:42 0 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-06-11 22:58:42 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings 2008-06-11 20:29:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-06-11 20:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-10 09:40:51 430083 --ahs---- C:\WINDOWS\system32\aGOWDcfe.ini2 2008-06-03 11:44:12 162304 --a------ C:\UNWISE.EXE 2008-05-26 17:55:42 0 d-------- C:\Program Files\e-Carte Bleue LCL -- Find3M Report --------------------------------------------------------------- 2008-06-13 12:30:05 0 d-------- C:\Documents and Settings\Ricky\Application Data\uTorrent 2008-06-13 11:36:11 0 d-------- C:\Program Files\eMule 2008-06-13 00:15:21 0 d-------- C:\Program Files\RemotelyAnywhere 2008-06-12 23:22:20 0 d-------- C:\Documents and Settings\Ricky\Application Data\foobar2000 2008-06-12 18:08:48 436074 --a----c- C:\WINDOWS\system32\perfh040.dat 2008-06-12 18:08:48 475024 --a----c- C:\WINDOWS\system32\perfh00C.dat 2008-06-12 18:08:48 59364 --a----c- C:\WINDOWS\system32\perfc040.dat 2008-06-12 18:08:48 77522 --a----c- C:\WINDOWS\system32\perfc00C.dat 2008-06-11 18:16:14 0 d-------- C:\Program Files\StatTransfer8 2008-06-11 18:16:14 0 d-------- C:\Program Files\MathType 2008-06-05 12:16:16 0 d-------- C:\Documents and Settings\Ricky\Application Data\Canon 2008-06-03 14:10:18 0 d-------- C:\Documents and Settings\Ricky\Application Data\Vso 2008-06-03 12:18:03 34 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.log 2008-06-03 12:18:00 94208 --a----c- C:\Documents and Settings\Ricky\Application Data\ezplay.sys <Not Verified; VSO Software; ezplay driver> 2008-06-03 12:18:00 125 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.ini 2008-06-03 12:18:00 1103 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.inf 2008-06-03 12:18:00 7861 --a----c- C:\Documents and Settings\Ricky\Application Data\ezplay.cat 2008-06-03 12:17:59 34 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.log 2008-06-03 12:17:55 47360 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-06-03 12:17:55 1144 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.inf 2008-06-03 12:17:55 7887 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.cat 2008-06-03 12:17:52 0 d-------- C:\Program Files\VSO 2008-06-03 12:09:49 33 --a----c- C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.log 2008-06-03 12:09:48 1104 --a----c- C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.inf 2008-06-03 00:19:21 0 d-------- C:\Program Files\foobar2000 2008-05-29 22:59:17 1275 --a------ C:\Documents and Settings\Ricky\Application Data\SAS7_000.DAT 2008-05-27 13:55:51 0 d-------- C:\Program Files\mIRC 2008-05-27 13:46:24 20872 --ah---c- C:\WINDOWS\system32\mlfcache.dat 2008-05-26 17:55:41 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-15 20:03:25 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/04/2004 05:02] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [06/06/2005 19:05] "nwiz"="nwiz.exe" [02/04/2004 05:02 C:\WINDOWS\system32\nwiz.exe] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/06/2004 10:51] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/06/2004 10:50] "Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [03/02/2006 10:23] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:09] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Ashampoo Magical Defrag.lnk - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [05/04/2007 14:29:52] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit] RAinit.dll 10/07/2006 12:59 11520 C:\WINDOWS\system32\RAinit.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "OpAgent"="C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CAPON"=C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE "nwiz"=nwiz.exe /install "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "Logitech Utility"=Logi_MwX.Exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e504e30c-d4a1-11db-a5d5-00030d1274c4}] AutoRun\command- Setup\rsrc\autorun.exe dinstall\command- G:\Directx\dxsetup.exe -- End of Deckard's System Scanner: finished at 2008-06-13 21:04:50 ------------
  4. ricky40
    Salut, Tout d'abord, merci de ton aide Voici le rapport "main.txt" : Deckard's System Scanner v20071014.68 Run by Ricky on 2008-06-13 11:23:06 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2008-06-13 09:23:07 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Ricky.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:24:11, on 13/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\CAPRPCSK.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\RemotelyAnywhere\RAGui.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Documents and Settings\Ricky\Bureau\dss.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Ricky.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/cla7/support/pl...s/ebraryRdr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213279282531 O17 - HKLM\System\CCS\Services\Tcpip\..\{95645FD5-C60C-4B46-A451-20F0F6432077}: NameServer = 212.27.54.252,212.27.53.252 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 8333 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080612-163342-124 O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - (no file) backup-20080612-163435-830 O2 - BHO: (no name) - {548DC90B-A034-429C-BB4B-06CDE88E1C5A} - (no file) backup-20080612-163947-275 O4 - HKLM\..\Run: [0832b807] rundll32.exe "C:\WINDOWS\system32\vhmmtpgj.dll",b backup-20080612-163947-912 O4 - HKLM\..\Run: [bM0b018b9b] Rundll32.exe "C:\WINDOWS\system32\phkhyiry.dll",s backup-20080612-173556-424 O20 - Winlogon Notify: nnnOfebx - nnnOfebx.dll (file missing) backup-20080612-173626-565 O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - (no file) backup-20080612-173840-750 O4 - HKLM\..\Run: [bM0b018b9b] Rundll32.exe "C:\WINDOWS\system32\phkhyiry.dll",s backup-20080612-232943-730 O2 - BHO: {1579aaab-4908-224a-8404-011de2af66ef} - {fe66fa2e-d110-4048-a422-8094baaa9751} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 hotcore - c:\windows\system32\drivers\hotcore.sys <Not Verified; Paragon Software Group; HotBackup> R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver> R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi> R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt> R2 ECBatteryDRV - c:\windows\system32\drivers\ecbatterydrv.sys R2 ECMonitorDRV - c:\windows\system32\drivers\ecmonitordrv.sys R2 ECUtilityDRV - c:\windows\system32\drivers\ecutilitydrv.sys R2 HotCPUDRV - c:\windows\system32\drivers\hotcpudrv.sys R2 WinBootDRV - c:\windows\system32\drivers\winbootdrv.sys R3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; ezplay driver> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S1 NetBurn (Paragon NetBurning Driver) - c:\windows\system32\drivers\netburn.sys <Not Verified; Rocket Division Software; StarPort Storage Controller> S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing) S3 LCcfltr (Logitech USB Filter Driver) - c:\windows\system32\drivers\lccfltr.sys <Not Verified; Logitech, Inc.; Logitech iTouch> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 AshampooDefragService - c:\program files\ashampoo\ashampoo magical defrag\bin\adefragservice.exe <Not Verified; ; Ashampoo Magical Defrag> R3 FLEXnet Licensing Service - "c:\program files\fichiers communs\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> S3 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: Description: Microsoft® Keyboard with Fingerprint Reader Device ID: USB\VID_045E&PID_00BB&MI_02\6&3360172&0&0002 Manufacturer: Name: Microsoft® Keyboard with Fingerprint Reader PNP Device ID: USB\VID_045E&PID_00BB&MI_02\6&3360172&0&0002 Service: -- Files created between 2008-05-13 and 2008-06-13 ----------------------------- 2008-06-12 19:47:28 0 dr-h----- C:\Documents and Settings\Ricky\Recent 2008-06-12 18:06:07 0 d-------- C:\Program Files\MSXML 4.0 2008-06-12 01:47:51 0 d-------- C:\Program Files\Trend Micro 2008-06-12 01:04:07 0 d-------- C:\VundoFix Backups 2008-06-11 22:58:43 0 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-06-11 22:58:43 0 d---s---- C:\Documents and Settings\Administrateur\Cookies 2008-06-11 22:58:43 0 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-06-11 22:58:43 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data 2008-06-11 22:58:43 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-06-11 22:58:42 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Recent 2008-06-11 22:58:42 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-06-11 22:58:42 0 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-06-11 22:58:42 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-06-11 22:58:42 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings 2008-06-11 20:29:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-06-11 20:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-10 09:40:51 430083 --ahs---- C:\WINDOWS\system32\aGOWDcfe.ini2 2008-06-03 11:44:12 162304 --a------ C:\UNWISE.EXE 2008-05-26 17:55:42 0 d-------- C:\Program Files\e-Carte Bleue LCL -- Find3M Report --------------------------------------------------------------- 2008-06-13 00:15:21 0 d-------- C:\Program Files\RemotelyAnywhere 2008-06-12 23:29:10 0 d-------- C:\Documents and Settings\Ricky\Application Data\uTorrent 2008-06-12 23:22:20 0 d-------- C:\Documents and Settings\Ricky\Application Data\foobar2000 2008-06-12 23:12:52 0 d-------- C:\Program Files\eMule 2008-06-12 18:08:48 436074 --a----c- C:\WINDOWS\system32\perfh040.dat 2008-06-12 18:08:48 475024 --a----c- C:\WINDOWS\system32\perfh00C.dat 2008-06-12 18:08:48 59364 --a----c- C:\WINDOWS\system32\perfc040.dat 2008-06-12 18:08:48 77522 --a----c- C:\WINDOWS\system32\perfc00C.dat 2008-06-11 18:16:14 0 d-------- C:\Program Files\StatTransfer8 2008-06-11 18:16:14 0 d-------- C:\Program Files\MathType 2008-06-05 12:16:16 0 d-------- C:\Documents and Settings\Ricky\Application Data\Canon 2008-06-03 14:10:18 0 d-------- C:\Documents and Settings\Ricky\Application Data\Vso 2008-06-03 12:18:03 34 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.log 2008-06-03 12:18:00 94208 --a----c- C:\Documents and Settings\Ricky\Application Data\ezplay.sys <Not Verified; VSO Software; ezplay driver> 2008-06-03 12:18:00 125 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.ini 2008-06-03 12:18:00 1103 --a------ C:\Documents and Settings\Ricky\Application Data\ezplay.inf 2008-06-03 12:18:00 7861 --a----c- C:\Documents and Settings\Ricky\Application Data\ezplay.cat 2008-06-03 12:17:59 34 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.log 2008-06-03 12:17:55 47360 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-06-03 12:17:55 1144 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.inf 2008-06-03 12:17:55 7887 --a----c- C:\Documents and Settings\Ricky\Application Data\pcouffin.cat 2008-06-03 12:17:52 0 d-------- C:\Program Files\VSO 2008-06-03 12:09:49 33 --a----c- C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.log 2008-06-03 12:09:48 1104 --a----c- C:\Documents and Settings\Ricky\Application Data\FXDCRUGQ.inf 2008-06-03 00:19:21 0 d-------- C:\Program Files\foobar2000 2008-05-29 22:59:17 1275 --a------ C:\Documents and Settings\Ricky\Application Data\SAS7_000.DAT 2008-05-27 13:55:51 0 d-------- C:\Program Files\mIRC 2008-05-27 13:46:24 20872 --ah---c- C:\WINDOWS\system32\mlfcache.dat 2008-05-26 17:55:41 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-15 20:03:25 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/04/2004 05:02] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [06/06/2005 19:05] "nwiz"="nwiz.exe" [02/04/2004 05:02 C:\WINDOWS\system32\nwiz.exe] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/06/2004 10:51] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/06/2004 10:50] "Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [03/02/2006 10:23] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [29/04/2003 15:48] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:09] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Ashampoo Magical Defrag.lnk - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [05/04/2007 14:29:52] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit] RAinit.dll 10/07/2006 12:59 11520 C:\WINDOWS\system32\RAinit.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcDWOGa [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "OpAgent"="C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CAPON"=C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE "nwiz"=nwiz.exe /install "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "Logitech Utility"=Logi_MwX.Exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a2c7e0a-92d6-11db-a53d-00030d1274c4}] Auto\command- sxs.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de3f650-cf44-11db-a5cb-00030d1274c4}] Auto\command- sxs.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e504e30c-d4a1-11db-a5d5-00030d1274c4}] AutoRun\command- Setup\rsrc\autorun.exe dinstall\command- G:\Directx\dxsetup.exe -- Hosts ----------------------------------------------------------------------- 127.0.0.1 home.edonkey.com 127.0.0.1 home.edonkey2000.com 127.0.0.1 home.overnet.com 127.0.0.1 www.edonkey.com 127.0.0.1 sda.edonkey2000.com 127.0.0.1 sda.edonkey.com -- End of Deckard's System Scanner: finished at 2008-06-13 11:25:50 ------------
  5. ricky40
    Bonjour, Comme indiqué dans le titre, j'ai été infecté par plusieurs chevaux de Troie : Metajuan, Vundo et Crypt.Xpack.Gen. Mon antivirus (Symantec, edition corporate) a apparemment éliminé Metajuan mais après, j'ai continué à avoir des redirections vers des sites publicitaires, de rencontres etc... ainsi que des messages système m'indiquant que mon ordinateur était infecté (on appréciera l'ironie de la situation... ). Après quelques recherches, je décide de désactiver, symantec et de lancer Antivir en mode sans échec qui détecte 2 dll comme étant vundo et Crypt.Xpack.Gen. mais il n'arrive pas à les supprimer. J'ai la chance d'avoir deux ordinateurs portables, j'ai donc entrepris de brancher le disque dur du PC infecté en usb sur mon autre portable me permettant ainsi de supprimer les deux dll suspectes. J'élimine aussi une dll qui portait le même nom qu'un service ouvert dont je n'avais jamais vu le nom et pour lequel aucune information n'était disponible sur le web (je vérifie régulièrement quels sont les services actifs sur mon ordinateur). Ces trois dll se trouvaient dans le fichier system32 de windows (pour un info j'ai windows XP home edition service pack 2). Après avoir supprimer ces trois dll, je remets le disque dur dans l'ordinateur d'origine et je constate que la situation s'est amélioré mais n'est pas complètement résolue : toujours des redirections intempestives et des messages système de windows mais de façon beaucoup plus espacés. Je relance une analyse avec Antivir mais elle ne donne rien cette fois (je réessaye même avec symantec). Je télécharge et installe Hijackthis et après quelques lectures de forums et tutoriaux, je décide de supprimer les fichiers (toujours en branchant le disque en usb sur mon autre protable) et les lignes suivantes : - O4 - HKLM\..\Run: [0832b807] rundll32.exe "C:\WINDOWS\system32\vhmmtpgj.dll",b - O4 - HKLM\..\Run: [bM0b018b9b] Rundll32.exe "C:\WINDOWS\system32\phkhyiry.dll",s - O2 - BHO: {1579aaab-4908-224a-8404-011de2af66ef} - {fe66fa2e-d110-4048-a422-8094baaa9751} - C:\WINDOWS\system32\hcfhdagl.dll Pour information, les trois dll initialement supprimées correspondaient aux ligne suivantes de mon rapport hijackthis (il est possible qu'il en manque une correspondant à la dll ouverte en tant que service) : - O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - (no file) - O2 - BHO: (no name) - {548DC90B-A034-429C-BB4B-06CDE88E1C5A} - C:\WINDOWS\system32\efcDWOGa.dll (file missing) - O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - C:\WINDOWS\system32\nnnOfebx.dll (file missing) - O20 - Winlogon Notify: nnnOfebx - nnnOfebx.dll (file missing) Après avoir effectué ces opérations, tout semble être rentré dans l'ordre : pas de fonctionnement anormal de windows que je puisse noter, plus aucune redirection intempestive et messages système de windows. Je suis plutôt soulagé, mais il est possible qu'il reste une ou deux cochonneries sur mon ordinateur, c'est pourquoi j'aimerais soumettre le log hijackthis que j'obtiens après ces manipulations et nettoyage de la base de registre et fichiers temporaires (avec CCleaner) pour bénéficier de vos connaissances et de votre aide et m'assurer ainsi qu'il n'y a plus aucun malware dans mon PC. Merci d'avance. Voici le log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:28:59, on 13/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\CAPRPCSK.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe C:\Program Files\RemotelyAnywhere\RaMaint.exe C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\RemotelyAnywhere\RAGui.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/cla7/support/pl...s/ebraryRdr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213279282531 O17 - HKLM\System\CCS\Services\Tcpip\..\{95645FD5-C60C-4B46-A451-20F0F6432077}: NameServer = 212.27.54.252,212.27.53.252 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 8462 bytes
×
×
  • Créer...