
Posted

Hello everyone!

 

I thought I had got rid of them last year (best wishes to all!) but the nasty things are still there and I no longer know what to do....

Let me try again to copy/paste the RSIT Notepad log, to see ???

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by A.B at 2009-01-06 13:39:22

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 143 GB (94%) free of 153 GB

Total RAM: 511 MB (45% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:39:29, on 06/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\SFR\Kit\WiFi\9wifi.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Antivirus 2009\av2009.exe

C:\WINDOWS\system32\explorer32.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\A.B\Bureau\RSIT.exe

C:\Program Files\trend micro\A.B.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: &Research - {037c7b8a-151a-49e6-baed-cc05fcb50328} - C:\WINDOWS\system32\winsrc.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1627ded6-05e5-4e00-a1df-17e1c14d4490} - (no file)

O2 - BHO: (no name) - {241b084d-d9e3-497f-af93-bc005e237f54} - (no file)

O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {81e96874-7d40-4663-a721-10970e470089} - C:\WINDOWS\system32\vifiride.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: {675f8aad-e7ab-be19-0174-22861958287d} - {d7828591-6822-4710-91eb-ba7edaa8f576} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Autoconfigurateur WiFi SFR] "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"

O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "C:\WINDOWS\system32\gudeyose.dll",s

O4 - HKLM\..\Run: [CPMafd83889] Rundll32.exe "c:\windows\system32\lifosiyo.dll",a

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [58640414966733361174395967329220] C:\Program Files\Antivirus 2009\av2009.exe

O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [java_sun] Java (Sun)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - AppInit_DLLs: c:\windows\system32\makatulo.dll c:\windows\system32\nilokuke.dll C:\WINDOWS\system32\zomuhali.dll c:\windows\system32\lifosiyo.dll

O20 - Winlogon Notify: efcBuRIB - efcBuRIB.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

 

--

End of file - 6426 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328}]

&Research - C:\WINDOWS\system32\winsrc.dll [2009-01-05 329728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1627ded6-05e5-4e00-a1df-17e1c14d4490}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{241b084d-d9e3-497f-af93-bc005e237f54}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81e96874-7d40-4663-a721-10970e470089}]

C:\WINDOWS\system32\vifiride.dll [1601-01-01 66260]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7828591-6822-4710-91eb-ba7edaa8f576}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-29 917504]

"Autoconfigurateur WiFi SFR"=C:\Program Files\SFR\Kit\WiFi\9wifi.exe [2008-09-01 287984]

"tawulasubo"=C:\WINDOWS\system32\gudeyose.dll [1601-01-01 66260]

"CPMafd83889"=c:\windows\system32\lifosiyo.dll [2009-01-06 102068]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"58640414966733361174395967329220"=C:\Program Files\Antivirus 2009\av2009.exe [2009-01-05 1626112]

"ieupdate"=C:\WINDOWS\system32\explorer32.exe [2009-01-05 121344]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="c:\windows\system32\makatulo.dll c:\windows\system32\nilokuke.dll C:\WINDOWS\system32\zomuhali.dll c:\windows\system32\lifosiyo.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBuRIB]

efcBuRIB.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll [2009-01-06 102068]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll [2009-01-06 102068]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{1627DED6-05E5-4E00-A1DF-17E1C14D4490}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\pmnmlihh

"notification packages"=scecli

C:\WINDOWS\system32\zomuhali.dll

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"

"C:\Program Files\eMule\eMule.exe"="C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus"

"C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:Lphant"

"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:jusched"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\ESET\nod32krn.exe"="C:\Program Files\ESET\nod32krn.exe:*:Enabled:nod32krn"

"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"

"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-01-06 13:36:18 ----A---- C:\WINDOWS\system32\winsrc.dll.tmp

2009-01-05 13:54:35 ----D---- C:\Program Files\Orange

2009-01-05 10:58:46 ----A---- C:\WINDOWS\system32\winsrc.dll

2009-01-05 10:58:45 ----A---- C:\WINDOWS\system32\explorer32.exe

2009-01-05 10:58:28 ----A---- C:\WINDOWS\system32\ieupdates.exe

2009-01-05 10:57:32 ----D---- C:\Program Files\Antivirus 2009

2009-01-02 13:16:41 ----A---- C:\WINDOWS\Outil de configuration automatique.tmp

2009-01-02 13:16:39 ----A---- C:\ConfigurateurLog.txt

2009-01-02 12:37:29 ----SH---- C:\WINDOWS\system32\afavudub.ini

2009-01-02 12:25:12 ----D---- C:\Program Files\SFR

2008-12-29 10:42:26 ----A---- C:\WINDOWS\system32\imon.dll

2008-12-29 10:26:30 ----SH---- C:\WINDOWS\system32\odubiwud.ini

2008-12-18 11:45:42 ----A---- C:\WINDOWS\system32\javaws.exe

2008-12-18 11:45:42 ----A---- C:\WINDOWS\system32\javaw.exe

2008-12-18 11:45:42 ----A---- C:\WINDOWS\system32\java.exe

2008-12-18 09:45:16 ----SH---- C:\WINDOWS\system32\eduteyog.ini

2008-12-17 09:44:45 ----SH---- C:\WINDOWS\system32\avodotot.ini

2008-12-16 15:02:58 ----D---- C:\Program Files\trend micro

2008-12-16 15:02:56 ----D---- C:\rsit

2008-12-16 10:53:10 ----SH---- C:\WINDOWS\system32\emepiyog.ini

2008-12-15 11:05:41 ----D---- C:\Program Files\Avira

2008-12-15 11:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2008-12-15 09:46:26 ----SH---- C:\WINDOWS\system32\wiixcevl.ini

2008-12-11 09:55:18 ----SH---- C:\WINDOWS\system32\yoyrdctu.ini

2008-12-09 12:15:13 ----SH---- C:\WINDOWS\system32\nkgqlqbr.ini

2008-12-08 10:22:27 ----SH---- C:\WINDOWS\system32\dbqaksqa.ini

 

======List of files/folders modified in the last 1 months======

 

2009-01-06 13:39:29 ----D---- C:\WINDOWS\Prefetch

2009-01-06 13:38:54 ----D---- C:\WINDOWS\Temp

2009-01-06 13:38:53 ----ASH---- C:\WINDOWS\system32\lifosiyo.dll

2009-01-06 13:38:49 ----ASH---- C:\WINDOWS\system32\hakaduki.dll

2009-01-06 13:38:20 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-06 13:37:59 ----D---- C:\WINDOWS\system32

2009-01-06 13:36:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-06 11:37:31 ----D---- C:\WINDOWS

2009-01-05 16:15:02 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-05 15:34:55 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-01-05 15:34:40 ----HD---- C:\Program Files\InstallShield Installation Information

2009-01-05 15:07:56 ----D---- C:\Program Files\Mozilla Firefox

2009-01-05 13:54:35 ----RD---- C:\Program Files

2009-01-05 13:20:20 ----D---- C:\Program Files\Mozilla Thunderbird

2009-01-05 12:50:56 ----SHD---- C:\WINDOWS\Installer

2009-01-05 11:53:14 ----ASH---- C:\WINDOWS\system32\kutosiva.dll

2009-01-02 13:35:33 ----D---- C:\WINDOWS\system32\drivers

2009-01-02 12:37:20 ----ASH---- C:\WINDOWS\system32\daguroma.dll

2009-01-02 12:37:19 ----ASH---- C:\WINDOWS\system32\zunubodu.dll

2009-01-02 12:25:26 ----HD---- C:\WINDOWS\inf

2008-12-29 12:07:17 ----D---- C:\Config.Msi

2008-12-29 12:06:45 ----D---- C:\WINDOWS\WinSxS

2008-12-29 12:05:36 ----D---- C:\Program Files\Fichiers communs\Teleca Shared

2008-12-29 12:05:18 ----D---- C:\Program Files\Fichiers communs

2008-12-29 12:04:16 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-12-29 11:56:55 ----D---- C:\Program Files\ESET

2008-12-18 11:59:10 ----D---- C:\Program Files\Java

2008-12-18 11:04:23 ----D---- C:\Program Files\WebSite X5 Evolution

2008-12-18 11:03:26 ----D---- C:\Program Files\LMSOFT Web Creator Pro 4

2008-12-15 12:11:26 ----ASH---- C:\WINDOWS\system32\hhilmnmp.ini

2008-12-15 12:10:08 ----ASH---- C:\WINDOWS\system32\hhilmnmp.ini2

2008-12-15 10:52:53 ----D---- C:\Program Files\Lphant

2008-12-15 09:43:45 ----A---- C:\WINDOWS\system32\a7c8cf6b-.txt

2008-12-11 09:57:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-12-11 09:57:12 ----D---- C:\Documents and Settings\A.B\Application Data\Lavasoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 amon;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 pcasp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys [2005-02-22 265984]

S3 rkhit;rkhit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []

S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]

S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]

S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]

S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]

S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]

S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]

S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 antivirscheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 antivirservice;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 nod32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-29 495616]

R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

Posted

• You have 2 AVs, Nod32 as the guard and Antivir; you need to uninstall 1 of them

 

• Close your web browser (so save this explanation page first, so that you can refer to it!!!)

 

• Relaunch HijackThis, "do a system scan only", tick only the lines below and click Fix checked:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: &Research - {037c7b8a-151a-49e6-baed-cc05fcb50328} - C:\WINDOWS\system32\winsrc.dll

O2 - BHO: (no name) - {1627ded6-05e5-4e00-a1df-17e1c14d4490} - (no file)

O2 - BHO: (no name) - {241b084d-d9e3-497f-af93-bc005e237f54} - (no file)

O2 - BHO: (no name) - {81e96874-7d40-4663-a721-10970e470089} - C:\WINDOWS\system32\vifiride.dll

O2 - BHO: {675f8aad-e7ab-be19-0174-22861958287d} - {d7828591-6822-4710-91eb-ba7edaa8f576} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "C:\WINDOWS\system32\gudeyose.dll",s

O4 - HKLM\..\Run: [CPMafd83889] Rundll32.exe "c:\windows\system32\lifosiyo.dll",a

O4 - HKCU\..\Run: [58640414966733361174395967329220] C:\Program Files\Antivirus 2009\av2009.exe

O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"

O20 - AppInit_DLLs: c:\windows\system32\makatulo.dll c:\windows\system32\nilokuke.dll C:\WINDOWS\system32\zomuhali.dll c:\windows\system32\lifosiyo.dll

O20 - Winlogon Notify: efcBuRIB - efcBuRIB.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll

 

==> click Fix checked

 

• Download combofix.exe (by sUBs), rename it COlaF in the download window and save it on your desktop, Nowhere Else!!!

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

 

Don't run it yet!!!

 

» ComboFix absolutely must be on your desktop

 

 

Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

Killall::
File::
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\vifiride.dll
C:\WINDOWS\system32\gudeyose.dll
c:\windows\system32\lifosiyo.dll
C:\WINDOWS\system32\explorer32.exe
c:\windows\system32\makatulo.dll
c:\windows\system32\nilokuke.dll
C:\WINDOWS\system32\zomuhali.dll
C:\WINDOWS\system32\winsrc.dll.tmp
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\afavudub.ini
C:\WINDOWS\system32\odubiwud.ini
C:\WINDOWS\system32\eduteyog.ini
C:\WINDOWS\system32\avodotot.ini
C:\WINDOWS\system32\emepiyog.ini
C:\WINDOWS\system32\wiixcevl.ini
C:\WINDOWS\system32\yoyrdctu.ini
C:\WINDOWS\system32\nkgqlqbr.ini
C:\WINDOWS\system32\dbqaksqa.ini
C:\WINDOWS\system32\hakaduki.dll
C:\WINDOWS\system32\kutosiva.dll
C:\WINDOWS\system32\daguroma.dll
C:\WINDOWS\system32\zunubodu.dll
Folder::
C:\Program Files\Antivirus 2009
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tawulasubo"=-
"CPMafd83889"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"58640414966733361174395967329220"=-
"ieupdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBuRIB]

 

• Go to the top of the page and click the "File" menu; a list appears =>

• Choose "Save as" and choose "Desktop"

• In the "File name" field at the bottom, give it the following name: CFScript

• Click the "Save" button to the right of the "File name" field

• Close Notepad.

• Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 

 

[screenshot: CFScriptB-4.gif, dragging CFScript onto ComboFix.exe]

 

* Follow the instructions

* Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file doesn't appear, it is here > C:\ComboFix.txt
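The helper's selection above follows a handful of recognisable patterns: load points that legitimate software almost never registers (O20 AppInit_DLLs and Winlogon Notify, O21 SSODL, O22 SharedTaskScheduler), Run entries that launch Rundll32 against a DLL in system32, BHOs with no name, entries that point at files that no longer exist, and a Run value whose name is just a long number. The script below is an added example, not part of the thread and not code from HijackThis, RSIT or ComboFix: it parses HijackThis-style lines into records and applies those same heuristics so that the lines worth a second look are surfaced automatically. The sample lines are copied from the log posted above; the flag names, the regular expressions and the heuristics themselves are this example's own choices and are triage aids, not verdicts.

```python
"""Triage of HijackThis-style log lines (added example; not the thread's or any tool's code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: ten lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {81e96874-7d40-4663-a721-10970e470089} - C:\WINDOWS\system32\vifiride.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "C:\WINDOWS\system32\gudeyose.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [58640414966733361174395967329220] C:\Program Files\Antivirus 2009\av2009.exe
O20 - AppInit_DLLs: c:\windows\system32\makatulo.dll c:\windows\system32\nilokuke.dll
O20 - Winlogon Notify: efcBuRIB - efcBuRIB.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifosiyo.dll
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O4 - <body>", "R0 - <body>", ... : section code, then the rest of the line.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A Windows path ending in a binary extension; a quote or newline ends it (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe|sys)', re.IGNORECASE)
# Body of an O4 Run entry: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r"^(?P<hive>HK\w+).*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# Load points that legitimate software almost never registers (hypothetical labels chosen here).
HOOK_SECTIONS = {
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}


@dataclass
class Entry:
    section: str
    body: str
    paths: list = field(default_factory=list)   # file paths referenced on the line
    flags: list = field(default_factory=list)   # triage flags attached by triage_entry()


def parse_hjt(text):
    """Turn the R*/O* lines of a HijackThis log into Entry records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            body = m.group("body")
            entries.append(Entry(m.group("section"), body, PATH_RE.findall(body)))
    return entries


def triage_entry(e):
    """Attach heuristic flags to one entry (mutates and returns it)."""
    body = e.body
    if e.section in HOOK_SECTIONS:
        e.flags.append("persistence-hook:" + HOOK_SECTIONS[e.section])
    if "(no file)" in body or "(file missing)" in body:
        e.flags.append("dangling-reference")
    # A BHO with no display name, or whose "name" is just another GUID.
    if e.section == "O2" and re.match(r"BHO: (?:\(no name\)|" + GUID_RE + r")", body, re.I):
        e.flags.append("unnamed-bho")
    if e.section == "O4":
        m = RUN_RE.match(body)
        if m:
            if re.fullmatch(r"\d{16,}", m.group("name")):
                e.flags.append("numeric-run-name")
            loads_dll = re.match(r"rundll32(?:\.exe)?\b", m.group("cmd"), re.I)
            if loads_dll and any("\\system32\\" in p.lower() for p in e.paths):
                e.flags.append("rundll32-loads-system32-dll")
    return e


def triage(text):
    """Parse a log and return only the entries that picked up at least one flag."""
    return [e for e in (triage_entry(e) for e in parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {', '.join(e.flags)}\n     {e.body}")
```

Run against the sample, the six flagged entries are exactly the ones the helper asked to fix among those ten lines, while the Java, ctfmon and NOD32 entries stay unflagged. The point of the exercise is the shape of the heuristics, not the specific file names: a fresh infection will use different random names, but the same load points and the same Rundll32-against-a-DLL pattern.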
