

sorryfortheinconvenience
Everything posted by sorryfortheinconvenience
-
Testimonial and thanks
sorryfortheinconvenience posted a topic in Analyses et éradication malwares
Hello, You have been an immense help to me. For a month I had been looking for a way to save my computer, which was infested on all sides (I am a complete novice in computing, but I hate not understanding and I cannot afford to pay for a repair). At first I thought I was rid of the monsters by following the RSIT procedure and pasting the report, but a few days later it was worse: I constantly had windows saying "Windows Security Center reports that Antivirus 2009 is inactive", with icons at the bottom that were impossible to remove, the screen closing and danger messages... In short, I was completely overwhelmed, but by digging through all the topics on the forum I ended up running MBAM (without really knowing whether my case matched, but at the point I had reached, nothing worse could happen...) and following your instructions to the letter: apparently, after restarting and running another scan, everything is cleaned up and perfectly clean. Just in case, I am pasting the 1st and then the 2nd report at the end of the message (if it can help other people?). But above all I want to thank you and encourage you to keep going, because even for ignoramuses like me, you manage to work miracles!

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1631
Windows 5.1.2600 Service Pack 3

08/01/2009 13:22:07
mbam-log-2009-01-08 (13-21-48).txt

Type de recherche: Examen rapide
Eléments examinés: 49836
Temps écoulé: 5 minute(s), 37 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jisagoyi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yapafeju.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ledanozo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tadofuvo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\razusula.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81e96874-7d40-4663-a721-10970e470089} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{81e96874-7d40-4663-a721-10970e470089} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81e96874-7d40-4663-a721-10970e470089} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aceb0b15 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tawulasubo (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmafd83889 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\58640414966733361174395967329220 (Rogue.Antivirus 2009) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jisagoyi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jisagoyi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jisagoyi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\razusula.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\razusula.dll -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\yapafeju.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ujefapay.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ledanozo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\razusula.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tadofuvo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jisagoyi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kihugali.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zomuhali.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMafd83889.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMafd83889.txt (Trojan.Vundo) -> No action taken.

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1631
Windows 5.1.2600 Service Pack 3

08/01/2009 13:29:04
mbam-log-2009-01-08 (13-29-04).txt

Type de recherche: Examen rapide
Eléments examinés: 49350
Temps écoulé: 4 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Hello everyone! I thought I had got rid of them last year (best wishes to everyone!) but the nasty beasts are still there and I no longer know what to do.... I am trying the copy/paste of the RSIT notepad once again, to see???

Logfile of random's system information tool 1.04 (written by random/random)
Run by A.B at 2009-01-06 13:39:22
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 143 GB (94%) free of 153 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:29, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\WINDOWS\system32\explorer32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\A.B\Bureau\RSIT.exe
C:\Program Files\trend micro\A.B.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Research - {037c7b8a-151a-49e6-baed-cc05fcb50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1627ded6-05e5-4e00-a1df-17e1c14d4490} - (no file)
O2 - BHO: (no name) - {241b084d-d9e3-497f-af93-bc005e237f54} - (no file)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {81e96874-7d40-4663-a721-10970e470089} - C:\WINDOWS\system32\vifiride.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {675f8aad-e7ab-be19-0174-22861958287d} - {d7828591-6822-4710-91eb-ba7edaa8f576} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Autoconfigurateur WiFi SFR] "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "C:\WINDOWS\system32\gudeyose.dll",s
O4 - HKLM\..\Run: [CPMafd83889] Rundll32.exe "c:\windows\system32\lifosiyo.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [58640414966733361174395967329220] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: c:\windows\system32\makatulo.dll c:\windows\system32\nilokuke.dll C:\WINDOWS\system32\zomuhali.dll c:\windows\system32\lifosiyo.dll
O20 - Winlogon Notify: efcBuRIB - efcBuRIB.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 6426 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328}]
&Research - C:\WINDOWS\system32\winsrc.dll [2009-01-05 329728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1627ded6-05e5-4e00-a1df-17e1c14d4490}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{241b084d-d9e3-497f-af93-bc005e237f54}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81e96874-7d40-4663-a721-10970e470089}]
C:\WINDOWS\system32\vifiride.dll [1601-01-01 66260]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7828591-6822-4710-91eb-ba7edaa8f576}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-29 917504]
"Autoconfigurateur WiFi SFR"=C:\Program Files\SFR\Kit\WiFi\9wifi.exe [2008-09-01 287984]
"tawulasubo"=C:\WINDOWS\system32\gudeyose.dll [1601-01-01 66260]
"CPMafd83889"=c:\windows\system32\lifosiyo.dll [2009-01-06 102068]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"58640414966733361174395967329220"=C:\Program Files\Antivirus 2009\av2009.exe [2009-01-05 1626112]
"ieupdate"=C:\WINDOWS\system32\explorer32.exe [2009-01-05 121344]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\makatulo.dll c:\windows\system32\nilokuke.dll C:\WINDOWS\system32\zomuhali.dll c:\windows\system32\lifosiyo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBuRIB]
efcBuRIB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll [2009-01-06 102068]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll [2009-01-06 102068]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1627DED6-05E5-4E00-A1DF-17E1C14D4490}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0 C:\WINDOWS\system32\pmnmlihh
"notification packages"=scecli C:\WINDOWS\system32\zomuhali.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\Program Files\eMule\eMule.exe"="C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:Lphant"
"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:jusched"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ESET\nod32krn.exe"="C:\Program Files\ESET\nod32krn.exe:*:Enabled:nod32krn"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-06 13:36:18 ----A---- C:\WINDOWS\system32\winsrc.dll.tmp
2009-01-05 13:54:35 ----D---- C:\Program Files\Orange
2009-01-05 10:58:46 ----A---- C:\WINDOWS\system32\winsrc.dll
2009-01-05 10:58:45 ----A---- C:\WINDOWS\system32\explorer32.exe
2009-01-05 10:58:28 ----A---- C:\WINDOWS\system32\ieupdates.exe
2009-01-05 10:57:32 ----D---- C:\Program Files\Antivirus 2009
2009-01-02 13:16:41 ----A---- C:\WINDOWS\Outil de configuration automatique.tmp
2009-01-02 13:16:39 ----A---- C:\ConfigurateurLog.txt
2009-01-02 12:37:29 ----SH---- C:\WINDOWS\system32\afavudub.ini
2009-01-02 12:25:12 ----D---- C:\Program Files\SFR
2008-12-29 10:42:26 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-29 10:26:30 ----SH---- C:\WINDOWS\system32\odubiwud.ini
2008-12-18 11:45:42 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-18 11:45:42 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-18 11:45:42 ----A---- C:\WINDOWS\system32\java.exe
2008-12-18 09:45:16 ----SH---- C:\WINDOWS\system32\eduteyog.ini
2008-12-17 09:44:45 ----SH---- C:\WINDOWS\system32\avodotot.ini
2008-12-16 15:02:58 ----D---- C:\Program Files\trend micro
2008-12-16 15:02:56 ----D---- C:\rsit
2008-12-16 10:53:10 ----SH---- C:\WINDOWS\system32\emepiyog.ini
2008-12-15 11:05:41 ----D---- C:\Program Files\Avira
2008-12-15 11:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-15 09:46:26 ----SH---- C:\WINDOWS\system32\wiixcevl.ini
2008-12-11 09:55:18 ----SH---- C:\WINDOWS\system32\yoyrdctu.ini
2008-12-09 12:15:13 ----SH---- C:\WINDOWS\system32\nkgqlqbr.ini
2008-12-08 10:22:27 ----SH---- C:\WINDOWS\system32\dbqaksqa.ini

======List of files/folders modified in the last 1 months======

2009-01-06 13:39:29 ----D---- C:\WINDOWS\Prefetch
2009-01-06 13:38:54 ----D---- C:\WINDOWS\Temp
2009-01-06 13:38:53 ----ASH---- C:\WINDOWS\system32\lifosiyo.dll
2009-01-06 13:38:49 ----ASH---- C:\WINDOWS\system32\hakaduki.dll
2009-01-06 13:38:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-06 13:37:59 ----D---- C:\WINDOWS\system32
2009-01-06 13:36:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-06 11:37:31 ----D---- C:\WINDOWS
2009-01-05 16:15:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 15:34:55 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-01-05 15:34:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-05 15:07:56 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 13:54:35 ----RD---- C:\Program Files
2009-01-05 13:20:20 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-05 12:50:56 ----SHD---- C:\WINDOWS\Installer
2009-01-05 11:53:14 ----ASH---- C:\WINDOWS\system32\kutosiva.dll
2009-01-02 13:35:33 ----D---- C:\WINDOWS\system32\drivers
2009-01-02 12:37:20 ----ASH---- C:\WINDOWS\system32\daguroma.dll
2009-01-02 12:37:19 ----ASH---- C:\WINDOWS\system32\zunubodu.dll
2009-01-02 12:25:26 ----HD---- C:\WINDOWS\inf
2008-12-29 12:07:17 ----D---- C:\Config.Msi
2008-12-29 12:06:45 ----D---- C:\WINDOWS\WinSxS
2008-12-29 12:05:36 ----D---- C:\Program Files\Fichiers communs\Teleca Shared
2008-12-29 12:05:18 ----D---- C:\Program Files\Fichiers communs
2008-12-29 12:04:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-29 11:56:55 ----D---- C:\Program Files\ESET
2008-12-18 11:59:10 ----D---- C:\Program Files\Java
2008-12-18 11:04:23 ----D---- C:\Program Files\WebSite X5 Evolution
2008-12-18 11:03:26 ----D---- C:\Program Files\LMSOFT Web Creator Pro 4
2008-12-15 12:11:26 ----ASH---- C:\WINDOWS\system32\hhilmnmp.ini
2008-12-15 12:10:08 ----ASH---- C:\WINDOWS\system32\hhilmnmp.ini2
2008-12-15 10:52:53 ----D---- C:\Program Files\Lphant
2008-12-15 09:43:45 ----A---- C:\WINDOWS\system32\a7c8cf6b-.txt
2008-12-11 09:57:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-11 09:57:12 ----D---- C:\Documents and Settings\A.B\Application Data\Lavasoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 amon;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcasp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys [2005-02-22 265984]
S3 rkhit;rkhit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 antivirscheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 antivirservice;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 nod32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-29 495616]
R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
-
I can't believe it! I haven't blown anything up, I no longer have tabs going crazy, I am browsing normally again... in one word: THANK YOU ALL FOR YOUR HELP! It reconciles you with computing and with the human race. Why isn't there as much solidarity in real life as on forums????? Well done and thanks again!
-
Trojan removal
sorryfortheinconvenience posted a topic in Analyses et éradication malwares
Hello, I'm new to the forum. I followed your advice to remove numerous Trojan horses identified by Antivir as the Trojan TR/Vundo.NU, which were impossible to remove. I hope I'm not causing any trouble by continuing the procedure (I'm a novice) and pasting the reports in my post? If it works, a thousand thanks for your help. Otherwise, I hope you won't hold it against me?!

info.txt logfile of random's system information tool 1.04 2008-12-16 15:03:32

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GreenBox LogoMaker 1.2-->"C:\Program Files\Studio V5\GreenBox\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix pour Microsoft .NET Framework 2.0 (KB923028)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {73D52F77-81F4-4C78-A145-FD15EDF940FA} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Incomedia WebSite X5 Evolution-->C:\WINDOWS\system32\iwpsetup.exe Uninst /Evolution /FR /C:\Program Files\WebSite X5 Evolution
Inkscape 0.46-->C:\Documents and Settings\A.B\Mes documents\Inkscape\Uninstall.exe
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LMSOFT Web Creator Pro 4-->C:\PROGRA~1\LMSOFT~1\UNWISE.EXE C:\PROGRA~1\LMSOFT~1\INSTALL.LOG
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Winamp Toolbar for Firefox-->"C:\Documents and Settings\A.B\Application Data\Mozilla\Firefox\Profiles\0janqo17.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition Classic

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by A.B at 2008-12-16 15:02:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 143 GB (94%) free of 153 GB
Total RAM: 511 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:28, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\A.B\Bureau\RSIT.exe
C:\Program Files\trend micro\A.B.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1627ded6-05e5-4e00-a1df-17e1c14d4490} - C:\WINDOWS\system32\efcBuRIB.dll (file missing)
O2 - BHO: (no name) - {241b084d-d9e3-497f-af93-bc005e237f54} - C:\WINDOWS\system32\pmnmlihh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {81e96874-7d40-4663-a721-10970e470089} - C:\WINDOWS\system32\zuyisuro.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {675f8aad-e7ab-be19-0174-22861958287d} - {d7828591-6822-4710-91eb-ba7edaa8f576} - C:\WINDOWS\system32\pemwgd.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "C:\WINDOWS\system32\pulobuha.dll",s
O4 - HKLM\..\Run: [aceb0b15] rundll32.exe "C:\WINDOWS\system32\goyipeme.dll",b
O4 - HKLM\..\Run: [CPMafd83889] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\gepibura.dll c:\windows\system32\jurumoku.dll
O20 - Winlogon Notify: efcBuRIB - efcBuRIB.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jurumoku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jurumoku.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 6415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1627ded6-05e5-4e00-a1df-17e1c14d4490}]
C:\WINDOWS\system32\efcBuRIB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{241b084d-d9e3-497f-af93-bc005e237f54}]
C:\WINDOWS\system32\pmnmlihh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81e96874-7d40-4663-a721-10970e470089}]
C:\WINDOWS\system32\zuyisuro.dll [2008-09-16 64788]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7828591-6822-4710-91eb-ba7edaa8f576}]
C:\WINDOWS\system32\pemwgd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"tawulasubo"=C:\WINDOWS\system32\pulobuha.dll [2008-09-16 64788]
"aceb0b15"=C:\WINDOWS\system32\goyipeme.dll [2008-12-16 88245]
"CPMafd83889"=c:\windows\system32\jurumoku.dll [2008-12-16 95362]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\gepibura.dll c:\windows\system32\jurumoku.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBuRIB]
efcBuRIB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jurumoku.dll [2008-12-16 95362]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jurumoku.dll [2008-12-16 95362]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1627DED6-05E5-4E00-A1DF-17E1C14D4490}"=C:\WINDOWS\system32\efcBuRIB.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0 C:\WINDOWS\system32\pmnmlihh
"notification packages"=scecli C:\WINDOWS\system32\gepibura.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\Program Files\eMule\eMule.exe"="C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:Lphant"
"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:jusched"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ESET\nod32krn.exe"="C:\Program Files\ESET\nod32krn.exe:*:Enabled:nod32krn"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2008-12-16 15:02:58 ----D---- C:\Program Files\trend micro
2008-12-16 15:02:56 ----D---- C:\rsit
2008-12-16 10:53:10 ----SH---- C:\WINDOWS\system32\emepiyog.ini
2008-12-15 11:05:41 ----D---- C:\Program Files\Avira
2008-12-15 11:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-15 09:46:26 ----SH---- C:\WINDOWS\system32\wiixcevl.ini
2008-12-15 09:44:18 ----A---- C:\ARK11.tmp
2008-12-11 09:55:18 ----SH---- C:\WINDOWS\system32\yoyrdctu.ini
2008-12-09 12:15:13 ----SH---- C:\WINDOWS\system32\nkgqlqbr.ini
2008-12-08 10:22:27 ----SH---- C:\WINDOWS\system32\dbqaksqa.ini
2008-12-05 13:31:10 ----SH---- C:\WINDOWS\system32\ppuyotnc.ini
2008-12-01 11:16:13 ----SH---- C:\WINDOWS\system32\nsbquwac.ini
2008-12-01 11:14:04 ----A---- C:\WINDOWS\system32\vacrih.dll
2008-12-01 11:14:02 ----A---- C:\WINDOWS\system32\rpdokfpa.dll
2008-11-17 09:42:45 ----SH---- C:\WINDOWS\system32\lpepogdw.ini
2008-11-07 10:34:55 ----SH---- C:\WINDOWS\system32\oovyvkpm.ini
2008-10-31 09:16:50 ----SH---- C:\WINDOWS\system32\rbwxjeov.ini
2008-10-28 10:13:55 ----SH---- C:\WINDOWS\system32\kacsfkpn.ini
2008-10-27 09:34:32 ----SH---- C:\WINDOWS\system32\iblkprri.ini
2008-10-20 09:51:22 ----SH---- C:\WINDOWS\system32\eunktvnt.ini
2008-10-14 11:00:54 ----SH---- C:\WINDOWS\system32\aaulevdk.ini
2008-10-14 10:03:50 ----SH---- C:\WINDOWS\system32\cxlanmwu.ini
2008-10-07 08:39:59 ----SH---- C:\WINDOWS\system32\uhwbhkvr.ini
2008-09-30 12:25:01 ----D---- C:\Program Files\Blubster
2008-09-30 10:22:12 ----SH---- C:\WINDOWS\system32\fvcjxcep.ini
2008-09-30 10:20:01 ----A---- C:\WINDOWS\pskt.ini
2008-09-30 10:20:01 ----A---- C:\WINDOWS\BMafd83889.txt
2008-09-30 10:19:27 ----A---- C:\WINDOWS\system32\a7c8cf6b-.txt
2008-09-30 10:19:08 ----ASH---- C:\WINDOWS\system32\hhilmnmp.ini2
2008-09-30 10:19:07 ----ASH---- C:\WINDOWS\system32\hhilmnmp.ini
2008-09-30 08:55:12 ----D---- C:\WINDOWS\Prefetch
2008-09-30 08:50:11 ----D---- C:\WINDOWS\l2schemas
2008-09-30 08:50:10 ----D---- C:\WINDOWS\system32\fr
2008-09-30 08:50:10 ----D---- C:\WINDOWS\system32\bits
2008-09-30 08:47:09 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-30 08:40:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-30 08:40:03 ----D---- C:\WINDOWS\EHome
2008-09-29 12:27:49 ----D---- C:\Documents and Settings\A.B\Application Data\LogoMaker
2008-09-29 12:27:11 ----D---- C:\Program Files\Studio V5
2008-09-29 09:47:51 ----D---- C:\Documents and Settings\A.B\Application Data\Artweaver
2008-09-29 09:19:52 ----D---- C:\Program Files\WebSite X5 Evolution
2008-09-29 09:19:46 ----A---- C:\WINDOWS\system32\VB5STKIT.DLL
2008-09-29 09:19:46 ----A---- C:\WINDOWS\system32\iwpsetup.exe
2008-09-29 08:56:24 ----D---- C:\Program Files\Sun
2008-09-29 08:55:52 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-29 08:55:52 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-29 08:55:52 ----A---- C:\WINDOWS\system32\java.exe
2008-09-26 11:37:10 ----D---- C:\Program Files\Lphant
2008-09-25 13:17:34 ----D---- C:\Documents and Settings\A.B\Application Data\Inkscape
2008-09-25 12:33:43 ----D---- C:\Documents and Settings\A.B\Application Data\gtk-2.0
2008-09-25 12:30:05 ----D---- C:\Program Files\GIMP-2.0
2008-09-25 11:57:40 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00009.tmp
2008-09-25 11:56:18 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00008.tmp
2008-09-25 11:52:29 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00007.tmp
2008-09-25 11:51:58 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00006.tmp
2008-09-25 11:43:15 ----D---- C:\Projet9
2008-09-25 11:06:35 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00005.tmp
2008-09-25 11:06:23 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00004.tmp
2008-09-25 10:36:28 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00003.tmp
2008-09-25 10:35:57 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00002.tmp
2008-09-25 10:27:36 ----D---- C:\Documents and Settings\A.B\Application Data\~LM00001.tmp
2008-09-25 10:26:13 ----D---- C:\Projet4
2008-09-25 10:09:33 ----D---- C:\Program Files\eMule
2008-09-19 13:57:28 ----D---- C:\WINDOWS\system32\URTTemp
2008-09-19 13:48:17 ----A---- C:\WINDOWS\system32\XceedCry.dll
2008-09-19 13:47:39 ----D---- C:\Program Files\LMSOFT Web Creator Pro 4
2008-09-19 13:37:54 ----D---- C:\Program Files\Maïdo Production

======List of files/folders modified in the last 3 months======

2008-12-16 15:02:58 ----RD---- C:\Program Files
2008-12-16 14:59:52 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 14:23:16 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-16 11:33:56 ----D---- C:\WINDOWS\system32
2008-12-16 11:33:22 ----D---- C:\WINDOWS\Temp
2008-12-16 11:06:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 10:53:10 ----ASH---- C:\WINDOWS\system32\jurumoku.dll
2008-12-16 10:53:09 ----ASH---- C:\WINDOWS\system32\goyipeme.dll
2008-12-16 09:57:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-16 09:53:01 ----D---- C:\WINDOWS
2008-12-16 09:52:45 ----ASH---- C:\WINDOWS\system32\bosofifa.dll
2008-12-15 15:48:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 11:05:43 ----D---- C:\WINDOWS\system32\drivers
2008-12-15 10:55:21 ----D---- C:\Program Files\ESET
2008-12-11 09:57:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-11 09:57:12 ----D---- C:\Documents and Settings\A.B\Application Data\Lavasoft
2008-12-11 09:44:26 ----ASH---- C:\WINDOWS\system32\jowukuyu.dll
2008-10-27 09:22:19 ----D---- C:\Config.Msi
2008-10-20 13:12:53 ----SHD---- C:\WINDOWS\Installer
2008-10-20 13:12:08 ----D---- C:\Program Files\MSN Messenger
2008-10-07 10:27:20 ----RSD---- C:\WINDOWS\assembly
2008-10-07 10:27:08 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-30 10:16:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-30 10:07:42 ----D---- C:\WINDOWS\WinSxS
2008-09-30 09:57:10 ----HD---- C:\WINDOWS\inf
2008-09-30 09:01:49 ----D---- C:\WINDOWS\Debug
2008-09-30 08:54:53 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 08:54:53 ----D---- C:\WINDOWS\system32\Setup
2008-09-30 08:54:53 ----D---- C:\WINDOWS\AppPatch
2008-09-30 08:54:53 ----D---- C:\Program Files\Messenger
2008-09-30 08:54:52 ----RSD---- C:\WINDOWS\Fonts
2008-09-30 08:53:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-30 08:53:08 ----D---- C:\WINDOWS\security
2008-09-30 08:50:27 ----D---- C:\WINDOWS\network diagnostic
2008-09-30 08:50:27 ----D---- C:\WINDOWS\ime
2008-09-30 08:50:27 ----D---- C:\WINDOWS\Help
2008-09-30 08:50:12 ----D---- C:\WINDOWS\system32\usmt
2008-09-30 08:50:12 ----D---- C:\WINDOWS\system32\fr-fr
2008-09-30 08:50:10 ----D---- C:\WINDOWS\PeerNet
2008-09-30 08:50:09 ----D---- C:\Program Files\Movie Maker
2008-09-30 08:46:58 ----D---- C:\WINDOWS\system32\Restore
2008-09-30 08:46:58 ----D---- C:\WINDOWS\system32\npp
2008-09-30 08:46:57 ----D---- C:\WINDOWS\msagent
2008-09-30 08:46:55 ----D---- C:\WINDOWS\srchasst
2008-09-30 08:46:54 ----D---- C:\Program Files\NetMeeting
2008-09-30 08:46:53 ----D---- C:\WINDOWS\system32\Com
2008-09-30 08:46:50 ----D---- C:\Program Files\Windows NT
2008-09-30 08:46:50 ----D---- C:\Program Files\Windows Media Player
2008-09-30 08:46:49 ----D---- C:\Program Files\Outlook Express
2008-09-30 08:46:46 ----D---- C:\Program Files\Fichiers communs\System
2008-09-30 08:46:27 ----D---- C:\WINDOWS\system32\oobe
2008-09-30 08:46:23 ----D---- C:\WINDOWS\system
2008-09-30 08:42:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-29 10:05:39 ----D---- C:\Program Files\Yahoo!
2008-09-29 08:55:52 ----D---- C:\Program Files\Java
2008-09-26 11:43:37 ----D---- C:\Program Files\Internet Explorer
2008-09-25 15:10:13 ----D---- C:\WINDOWS\Registration
2008-09-25 10:07:26 ----SD---- C:\Documents and Settings\A.B\Application Data\Microsoft
2008-09-25 09:54:33 ----D---- C:\Documents and Settings\A.B\Application Data\FileZilla
2008-09-19 13:57:43 ----D---- C:\WINDOWS\system32\mui
2008-09-19 13:38:10 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-09-19 11:41:33 ----D---- C:\Documents and Settings\A.B\Application Data\Teleca
2008-09-19 09:48:17 ----D---- C:\Program Files\FileZilla FTP Client

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys [2005-02-22 265984]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 antivirscheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 antivirservice;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Well, here goes...