Posted

hello :P

and here we go, here is the search.bat report:

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

AutoRestartShell REG_DWORD 0x1

DefaultDomainName REG_SZ TEST-A3GDR2V1PE

DefaultUserName REG_SZ ivy

LegalNoticeCaption REG_SZ

LegalNoticeText REG_SZ

PowerdownAfterShutdown REG_SZ 0

ReportBootOk REG_SZ 1

Shell REG_SZ Explorer.exe

ShutdownWithoutLogon REG_SZ 0

System REG_SZ

Userinit REG_SZ C:\WINDOWS\system32\Userinit.exe,

VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"

SfcQuota REG_DWORD 0xffffffff

allocatecdroms REG_SZ 0

allocatedasd REG_SZ 0

allocatefloppies REG_SZ 0

cachedlogonscount REG_SZ 10

forceunlocklogon REG_DWORD 0x0

passwordexpirywarning REG_DWORD 0xe

scremoveoption REG_SZ 0

AllowMultipleTSSessions REG_DWORD 0x1

UIHost REG_EXPAND_SZ logonui.exe

LogonType REG_DWORD 0x1

Background REG_SZ 0 0 0

DebugServerCommand REG_SZ no

SFCDisable REG_DWORD 0x0

WinStationsDisabled REG_SZ 0

HibernationPreviouslyEnabled REG_DWORD 0x1

ShowLogonOptions REG_DWORD 0x0

AltDefaultUserName REG_SZ ivy

AltDefaultDomainName REG_SZ TEST-A3GDR2V1PE

KeepRasConnections REG_SZ 0

DontDisplayLastUserName REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}

<SANS NOM> REG_SZ Sans fil

ProcessGroupPolicy REG_SZ ProcessWIRELESSPolicy

DllName REG_EXPAND_SZ gptext.dll

NoUserPolicy REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}

<SANS NOM> REG_SZ Folder Redirection

ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx

DllName REG_EXPAND_SZ fdeploy.dll

NoMachinePolicy REG_DWORD 0x1

NoSlowLink REG_DWORD 0x1

PerUserLocalSettings REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x0

NoBackgroundPolicy REG_DWORD 0x0

GenerateGroupPolicy REG_SZ GenerateGroupPolicy

EventSources REG_MULTI_SZ (Folder Redirection,Application)\

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}

<SANS NOM> REG_SZ Quota du disque Microsoft

NoMachinePolicy REG_DWORD 0x0

NoUserPolicy REG_DWORD 0x1

NoSlowLink REG_DWORD 0x1

NoBackgroundPolicy REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

PerUserLocalSettings REG_DWORD 0x0

RequiresSuccessfulRegistry REG_DWORD 0x1

EnableAsynchronousProcessing REG_DWORD 0x0

DllName REG_EXPAND_SZ dskquota.dll

ProcessGroupPolicy REG_SZ ProcessGroupPolicy

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}

<SANS NOM> REG_SZ Planificateur de paquets QoS

ProcessGroupPolicy REG_SZ ProcessPSCHEDPolicy

DllName REG_EXPAND_SZ gptext.dll

NoUserPolicy REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}

<SANS NOM> REG_SZ Scripts

ProcessGroupPolicy REG_SZ ProcessScriptsGroupPolicy

ProcessGroupPolicyEx REG_SZ ProcessScriptsGroupPolicyEx

GenerateGroupPolicy REG_SZ GenerateScriptsGroupPolicy

DllName REG_EXPAND_SZ gptext.dll

NoSlowLink REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

NotifyLinkTransition REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}

<SANS NOM> REG_SZ Mappage de zones Internet Explorer

DllName REG_EXPAND_SZ iedkcs32.dll

ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap

NoGPOListChanges REG_DWORD 0x1

RequiresSucessfulRegistry REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}

ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO

GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy

ExtensionRsopPlanningDebugLevel REG_DWORD 0x1

ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx

ExtensionDebugLevel REG_DWORD 0x1

DllName REG_EXPAND_SZ scecli.dll

<SANS NOM> REG_SZ Security

NoUserPolicy REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

EnableAsynchronousProcessing REG_DWORD 0x1

MaxNoGPOListChangesInterval REG_DWORD 0x3c0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}

ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx

GenerateGroupPolicy REG_SZ GenerateGroupPolicy

ProcessGroupPolicy REG_SZ ProcessGroupPolicy

DllName REG_EXPAND_SZ iedkcs32.dll

<SANS NOM> REG_SZ Personnalisation de Internet Explorer

NoSlowLink REG_DWORD 0x1

NoBackgroundPolicy REG_DWORD 0x0

NoGPOListChanges REG_DWORD 0x1

NoMachinePolicy REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}

ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO

DllName REG_EXPAND_SZ scecli.dll

<SANS NOM> REG_SZ EFS recovery

NoUserPolicy REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

RequiresSuccessfulRegistry REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}

<SANS NOM> REG_SZ Installation de logiciel

DllName REG_EXPAND_SZ appmgmts.dll

ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx

GenerateGroupPolicy REG_SZ GenerateGroupPolicy

NoBackgroundPolicy REG_DWORD 0x0

RequiresSucessfulRegistry REG_DWORD 0x0

NoSlowLink REG_DWORD 0x1

PerUserLocalSettings REG_DWORD 0x1

EventSources REG_MULTI_SZ (Application Management,Application)(MsiInstaller,Application)\

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}

<SANS NOM> REG_SZ Sécurité IP

ProcessGroupPolicy REG_SZ ProcessIPSECPolicy

DllName REG_EXPAND_SZ gptext.dll

NoUserPolicy REG_DWORD 0x1

NoGPOListChanges REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

Asynchronous REG_DWORD 0x0

Impersonate REG_DWORD 0x0

DllName REG_EXPAND_SZ crypt32.dll

Logoff REG_SZ ChainWlxLogoffEvent

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

Asynchronous REG_DWORD 0x0

Impersonate REG_DWORD 0x0

DllName REG_EXPAND_SZ cryptnet.dll

Logoff REG_SZ CryptnetWlxLogoffEvent

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

DLLName REG_SZ cscdll.dll

Logon REG_SZ WinlogonLogonEvent

Logoff REG_SZ WinlogonLogoffEvent

ScreenSaver REG_SZ WinlogonScreenSaverEvent

Startup REG_SZ WinlogonStartupEvent

Shutdown REG_SZ WinlogonShutdownEvent

StartShell REG_SZ WinlogonStartShellEvent

Impersonate REG_DWORD 0x0

Asynchronous REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

DLLName REG_SZ wlnotify.dll

Logon REG_SZ SCardStartCertProp

Logoff REG_SZ SCardStopCertProp

Lock REG_SZ SCardSuspendCertProp

Unlock REG_SZ SCardResumeCertProp

Enabled REG_DWORD 0x1

Impersonate REG_DWORD 0x1

Asynchronous REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

Asynchronous REG_DWORD 0x0

DllName REG_EXPAND_SZ wlnotify.dll

Impersonate REG_DWORD 0x0

StartShell REG_SZ SchedStartShell

Logoff REG_SZ SchedEventLogOff

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

Logoff REG_SZ WLEventLogoff

Impersonate REG_DWORD 0x0

Asynchronous REG_DWORD 0x1

DllName REG_EXPAND_SZ sclgntfy.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

DLLName REG_SZ WlNotify.dll

Lock REG_SZ SensLockEvent

Logon REG_SZ SensLogonEvent

Logoff REG_SZ SensLogoffEvent

Safe REG_DWORD 0x1

MaxWait REG_DWORD 0x258

StartScreenSaver REG_SZ SensStartScreenSaverEvent

StopScreenSaver REG_SZ SensStopScreenSaverEvent

Startup REG_SZ SensStartupEvent

Shutdown REG_SZ SensShutdownEvent

StartShell REG_SZ SensStartShellEvent

PostShell REG_SZ SensPostShellEvent

Disconnect REG_SZ SensDisconnectEvent

Reconnect REG_SZ SensReconnectEvent

Unlock REG_SZ SensUnlockEvent

Impersonate REG_DWORD 0x1

Asynchronous REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

Asynchronous REG_DWORD 0x0

DllName REG_EXPAND_SZ wlnotify.dll

Impersonate REG_DWORD 0x0

Logoff REG_SZ TSEventLogoff

Logon REG_SZ TSEventLogon

PostShell REG_SZ TSEventPostShell

Shutdown REG_SZ TSEventShutdown

StartShell REG_SZ TSEventStartShell

Startup REG_SZ TSEventStartup

MaxWait REG_DWORD 0x258

Reconnect REG_SZ TSEventReconnect

Disconnect REG_SZ TSEventDisconnect

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

DLLName REG_SZ wlnotify.dll

Logon REG_SZ RegisterTicketExpiredNotificationEvent

Logoff REG_SZ UnregisterTicketExpiredNotificationEvent

Impersonate REG_DWORD 0x1

Asynchronous REG_DWORD 0x1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

HelpAssistant REG_DWORD 0x0

TsInternetUser REG_DWORD 0x0

SQLAgentCmdExec REG_DWORD 0x0

NetShowServices REG_DWORD 0x0

IWAM_ REG_DWORD 0x10000

IUSR_ REG_DWORD 0x10000

VUSR_ REG_DWORD 0x10000

ASPNET REG_DWORD 0x0

UfhIZkkIghDD REG_DWORD 0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

 

and the main text from DSS:

 

Deckard's System Scanner v20071014.68

Run by ivy on 2007-12-03 10:26:54

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 2 Restore Point(s) --

2: 2007-12-03 09:27:24 UTC - RP36 - Deckard's System Scanner Restore Point

1: 2007-12-01 19:24:18 UTC - RP35 - Point de vérification système

 

 

Backed up registry hives.

Performed disk cleanup.

 

System Drive C: has 0.56 GiB (less than 15%) free.

 

 

-- HijackThis (run as ivy.exe) -------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:28:57, on 03/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\cidaemon.exe

C:\DOCUMENTS AND SETTINGS\IVY\BUREAU\PROCESS-EXPLORER_PROCESS_EXPLORER_10.21_ANGLAIS_14566\PROCEXP.EXE

C:\Documents and Settings\ivy\Bureau\dss.exe

C:\DOCUME~1\ivy\Bureau\ivy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linternaute.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Class - {BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Explorateur Windows.lnk = C:\WINDOWS\explorer.exe

O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ZoneAlarm Security.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://c:\program files\microsoft office\office11\excel.exe/3000

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196611154000

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwared...on_2_0_4_10.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

 

--

End of file - 5774 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>

S3 MEMSWEEP2 - c:\windows\system32\12.tmp (file missing)

S4 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)

S4 adiusbae (USB ADSL LAN Adapter) - c:\windows\system32\drivers\adiusbae.sys (file missing)

S4 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

S2 SysWpg - "c:\program files\fichiers communs\services\iqlznyq.exe"

S3 clr_optimization_v2.0.50215_32 (.NET Runtime Optimization Service v2.0.50215_X86) - c:\windows\microsoft.net\framework\v2.0.50215\mscorsvw.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

 

2007-12-02 17:06:14 0 d-------- C:\WINDOWS\report

2007-12-02 17:04:47 0 d-------- C:\WINDOWS\AU_Backup

2007-12-02 17:04:45 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>

2007-12-02 17:04:45 71749 --a------ C:\WINDOWS\hcextoutput.dll

2007-12-02 17:04:44 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>

2007-12-02 17:04:44 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>

2007-12-02 17:02:18 0 d-------- C:\WINDOWS\AU_Temp

2007-12-02 17:02:17 0 d-------- C:\WINDOWS\AU_Log

2007-12-02 17:02:08 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>

2007-12-02 17:02:06 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>

2007-12-02 17:02:04 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>

2007-12-02 11:15:15 0 dr-h----- C:\Documents and Settings\ivy\Recent

2007-12-01 17:37:50 0 d-------- C:\Program Files\12Ghosts

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\UC.PIF

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\RAR.PIF

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\LHA.PIF

2007-12-01 17:32:32 545 --a------ C:\WINDOWS\ARJ.PIF

2007-12-01 17:32:32 0 d-------- C:\Program Files\totalcmd

2007-11-30 11:54:40 0 d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2

2007-11-30 11:43:16 0 d-------- C:\Program Files\OpenOffice.org 2.3

2007-11-20 11:24:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe

2007-11-19 22:51:16 0 d-------- C:\Program Files\Java

2007-11-19 22:50:20 0 d-------- C:\Program Files\Fichiers communs\Java

2007-11-19 18:12:48 0 d-------- C:\Program Files\msn gaming zone

2007-11-18 20:55:07 0 d-------- C:\Documents and Settings\ivy\Application Data\Grisoft

2007-11-18 20:54:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-18 18:35:19 0 d-------- C:\Program Files\Trend Micro

2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-11-16 19:16:50 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo

2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Recent

2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-11-16 19:16:50 0 d-------- C:\Documents and Settings\Administrateur\Mes documents

2007-11-16 19:16:50 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings

2007-11-16 19:16:50 0 d-------- C:\Documents and Settings\Administrateur\Favoris

2007-11-16 19:16:50 0 d---s---- C:\Documents and Settings\Administrateur\Cookies

2007-11-16 19:16:50 0 d-------- C:\Documents and Settings\Administrateur\Bureau

2007-11-16 19:16:50 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data

2007-11-16 19:16:50 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

2007-11-16 19:16:49 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT

2007-11-16 17:02:02 0 d--h----- C:\WINDOWS\system32\GroupPolicy

2007-11-10 23:22:54 0 d-------- C:\WINDOWS\system32\oodag

2007-11-09 11:06:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2007-11-08 18:16:37 0 d-------- C:\Program Files\Safarp

2007-11-08 16:20:28 0 d-------- C:\Documents and Settings\ivy\DoctorWeb

2007-11-08 15:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-08 15:02:00 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-12-02 15:30:50 827879 --a------ C:\Program Files\DiagHelp.zip

2007-12-01 22:16:52 0 d-------- C:\Documents and Settings\ivy\Application Data\Lavasoft

2007-12-01 22:16:46 0 d-------- C:\Documents and Settings\ivy\Application Data\Image Zone Express

2007-12-01 22:16:16 0 d-------- C:\Documents and Settings\ivy\Application Data\Identities

2007-12-01 22:15:37 0 d-------- C:\Documents and Settings\ivy\Application Data\HP

2007-12-01 22:15:30 0 d-------- C:\Documents and Settings\ivy\Application Data\Help

2007-12-01 22:14:33 0 d-------- C:\Documents and Settings\ivy\Application Data\Google

2007-12-01 22:13:56 0 d-------- C:\Documents and Settings\ivy\Application Data\dvdcss

2007-12-01 22:13:50 0 d-------- C:\Documents and Settings\ivy\Application Data\AdobeUM

2007-12-01 22:08:56 0 d-------- C:\Documents and Settings\ivy\Application Data\Adobe

2007-11-29 16:32:21 0 d-------- C:\Program Files\Fichiers communs

2007-11-27 15:21:35 0 d-------- C:\Program Files\BSW

2007-11-20 16:42:05 863 --a------ C:\Program Files\i_view32.ini

2007-11-19 18:12:50 0 d-------- C:\Program Files\Windows NT

2007-11-19 16:12:18 469544 --a----c- C:\WINDOWS\system32\perfh00C.dat

2007-11-19 16:12:18 75986 --a----c- C:\WINDOWS\system32\perfc00C.dat

2007-11-08 15:45:19 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-10-07 07:54:09 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [15/07/2004 10:42]

"nwiz"="nwiz.exe" [15/07/2004 10:42 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [15/07/2004 10:42]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05/05/2003 08:57]

"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [12/12/2005 22:18]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25/10/2007 17:20]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/05/2005 23:12]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/03/2007 23:02]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

 

C:\Documents and Settings\ivy\Menu Démarrer\Programmes\Démarrage\

Explorateur Windows.lnk - C:\WINDOWS\explorer.exe [29/08/2002 10:45:10]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [02/10/2006 11:03:20]

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]

ZoneAlarm Security.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [30/03/2007 02:29:36]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearRecentDocsOnExit"=1 (0x1)

"NoRecentDocsMenu"=1 (0x1)

"NoFavoritesMenu"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]

Debugger="c:\windows\system32\pliftgwd.ver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]

Debugger="C:\DOCUMENTS AND SETTINGS\IVY\BUREAU\PROCESS-EXPLORER_PROCESS_EXPLORER_10.21_ANGLAIS_14566\PROCEXP.EXE"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-12-03 10:33:30 ------------

 

 

thanks again for your help, and have a nice day :P

Posted

hi :P

 

I'd like you to send a file for analysis, please > c:\windows\system32\pliftgwd.ver

1) Go to the following page =>

  • Under the field "Please select your file:", click the "Browse" button and look for the file pliftgwd.ver, which is located in C:\WINDOWS\system32
  • Once the file is selected with the mouse, click the Open button
  • In the field "Please enter below the message intended for our team:", copy/paste the following note =>
      Quote
    unknown file

Finally, click the Send button

Note: if you can't see the file, it may be because it is hidden; to see it, do this first >

  Quote
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

click "Apply"

click the "Apply to All Folders" button / OK

1) Download combofix.exe by sUBs

  • Make sure all programs are closed before launching the fix!
  • Double-click combofix.exe.
  • Note: Do not close the window that has just opened, or you would end up with an empty desktop!
  • Press the 1 key to start the scan.
  • When the scan is finished, a report will be generated: post its contents in your next message.
  • If the report is too long, post it in two parts.

Hang in there :P

Posted

sniff... sorry, I'm wiping away a little tear. sniff, sniff, sniff... :'(

:')

my desktop with all its icons is back! (it had been completely bare and empty for two days) :P

I've got my Start button back with lots of really cool stuff in it! :P

and my taskbar! :P

:P :P :P THANK YOU CHARLES INGALS! :-?:P:P

sorry, I'm shouting, but I'm really happy.

right, let's be serious for two minutes:

- I didn't find the file c:\windows\system32\pliftgwd.ver on my computer, but it's the one I had zapped with 12shredder. I sent it to the address given anyway, because I had noted down the path... I hope I didn't do anything silly :P

- the address for combofix no longer works, but you can go through here: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

it tinkered with a whole bunch of things, so I went off to eat. and when I came back, everything was working again like on day one :P

here is the report:

 

ComboFix 07-12-02.7 - ivy 2007-12-03 17:35:18.1 - NTFSx86

Running from: C:\Documents and Settings\ivy\Bureau\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((( Fichiers créés 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-03 12:05 . 2007-12-03 12:06 <REP> d-------- C:\Program Files\AusLogics Disk Defrag

2007-12-03 11:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2007-12-03 11:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2007-12-03 11:26 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2007-12-03 11:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2007-12-03 10:26 . 2007-12-03 10:26 <REP> d-------- C:\Deckard

2007-12-02 17:06 . 2007-12-02 17:06 <REP> d-------- C:\WINDOWS\report

2007-12-02 17:04 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Backup

2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\VPTNFILE.855

2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\LPT$VPN.855

2007-12-02 17:04 . 2007-12-02 17:04 1,899,383 --a------ C:\WINDOWS\tsc.ptn

2007-12-02 17:04 . 2007-12-02 17:04 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-12-02 17:04 . 2007-12-02 17:04 267,845 --a------ C:\WINDOWS\tsc.exe

2007-12-02 17:04 . 2007-12-02 17:04 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-12-02 17:04 . 2007-12-02 17:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll

2007-12-02 17:04 . 2007-12-02 18:49 823 --a------ C:\WINDOWS\tsc.ini

2007-12-02 17:02 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Temp

2007-12-02 17:02 . 2007-12-02 17:02 <REP> d-------- C:\WINDOWS\AU_Log

2007-12-02 17:02 . 2007-12-02 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-12-02 17:02 . 2007-12-02 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-12-02 17:02 . 2007-12-02 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-12-02 17:02 . 2007-12-02 17:02 170 --a------ C:\WINDOWS\GetServer.ini

2007-12-02 15:30 . 2007-12-02 15:30 827,879 --a------ C:\Program Files\DiagHelp.zip

2007-12-01 17:37 . 2007-12-01 17:37 <REP> d-------- C:\Program Files\12Ghosts

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\UC.PIF

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\RAR.PIF

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\LHA.PIF

2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\ARJ.PIF

2007-12-01 17:32 . 2007-12-01 17:33 387 --a------ C:\WINDOWS\wincmd.ini

2007-11-30 11:54 . 2007-12-02 11:18 <REP> d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2

2007-11-30 11:54 . 2007-12-02 11:18 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\OpenOffice.org2

2007-11-30 11:43 . 2007-11-30 11:44 <REP> d-------- C:\Program Files\OpenOffice.org 2.3

2007-11-19 22:51 . 2007-11-30 11:40 <REP> d-------- C:\Program Files\Java

2007-11-19 22:50 . 2007-11-19 22:50 <REP> d-------- C:\Program Files\Fichiers communs\Java

2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\Documents and Settings\ivy\Application Data\Grisoft

2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\Grisoft

2007-11-18 20:54 . 2007-11-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

2007-11-18 20:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-11-18 18:35 . 2007-11-18 18:35 <REP> d-------- C:\Program Files\Trend Micro

2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-11-16 19:16 . 2004-10-20 15:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2007-11-16 19:16 . 2004-10-20 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-11-16 19:16 . 2007-12-01 21:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-11-16 17:02 . 2007-11-16 17:02 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy

2007-11-10 23:23 . 2007-11-10 23:23 0 --a------ C:\WINDOWS\oodcnt.INI

2007-11-10 23:22 . 2007-11-10 23:22 <REP> d-------- C:\WINDOWS\system32\oodag

2007-11-09 11:06 . 2007-11-09 11:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7

2007-11-08 18:16 . 2007-11-08 18:20 <REP> d-------- C:\Program Files\Safarp

2007-11-08 18:00 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-11-08 15:50 . 2007-11-08 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-11-08 15:02 . 2007-11-08 15:02 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll

2007-11-08 15:02 . 2007-11-08 15:02 23 --a------ C:\WINDOWS\system32\cbbcbbdafed_g.ocx

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-03 15:21 --------- d-----w C:\Program Files\BSW

2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Lavasoft

2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Image Zone Express

2007-12-01 21:16 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\Lavasoft

2007-12-01 21:16 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\Image Zone Express

2007-12-01 21:15 --------- d-----w C:\Documents and Settings\ivy\Application Data\HP

2007-12-01 21:15 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\HP

2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\dvdcss

2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\AdobeUM

2007-12-01 21:13 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\dvdcss

2007-12-01 21:13 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\AdobeUM

2007-11-20 15:42 863 ----a-w C:\Program Files\i_view32.ini

2007-11-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-10-07 06:54 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE

2007-07-30 08:53 765 -c--a-w C:\Program Files\i_languages.txt

2007-07-30 08:53 62,543 -c--a-w C:\Program Files\i_changes.txt

2007-07-30 08:53 5,734 -c--a-w C:\Program Files\i_plugins.txt

2007-07-30 08:53 456,704 ----a-w C:\Program Files\i_view32.exe

2007-07-30 08:53 29,184 -c--a-w C:\Program Files\iv_uninstall.exe

2007-07-30 08:53 272,616 -c--a-w C:\Program Files\i_view32.chm

2007-07-30 08:53 2,235 -c--a-w C:\Program Files\i_about.txt

2007-07-30 08:53 11,737 -c--a-w C:\Program Files\i_options.txt

2004-08-19 23:09 86,528 ------w C:\Program Files\Fichiers communs\rFj.exe

2004-08-19 23:09 79,872 ----a-w C:\Program Files\Fichiers communs\trV.exe

2004-08-19 23:09 169,984 ------w C:\Program Files\Fichiers communs\uHFiI.exe

2004-08-19 23:09 141,824 ------w C:\Program Files\Fichiers communs\sXwjvl.exe

2004-08-19 23:09 119,808 ------w C:\Program Files\Fichiers communs\ErLfjM.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]

"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 22:18]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

 

C:\Documents and Settings\ivy\Menu Dmarrer\Programmes\Dmarrage\

Explorateur Windows.lnk - C:\WINDOWS\explorer.exe [2002-08-29 10:45:10]

 

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\

avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2006-10-02 11:03:20]

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

ZoneAlarm Security.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-03-30 02:29:36]

 

C:\DOCUME~1\ivy\MENUDM~1\PROGRA~1\DMARRA~1\

Explorateur Windows.lnk - C:\WINDOWS\explorer.exe [2002-08-29 10:45:10]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsMenu"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

 

S4 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-03 17:52:27

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwQueryDirectoryFile, ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt5.rjh

 

scanning hidden files ...

 

C:\WINDOWS\biuya1.dll 92831 bytes executable

C:\WINDOWS\system32\lpt5.rjh 165014 bytes executable

**************************************************************************

.

Completion time: 2007-12-03 17:58:34

.

--- E O F ---

 

There we go. I'm going to reread all the pinned topics of the Zébulon security forum to try to prevent any future problems :P (I couldn't do it until yesterday; every attempt I made was blocked).

Do I have any other instructions, Mr. Charles? :P

In any case, a huge thank-you once again!

Honestly, when I launched ComboFix I no longer really believed it would work... so I was thinking about how to get organized without a desktop, without a taskbar, without a Start button... that's why I was so "moved" when I saw my desktop again. Yes, it's silly, but I really was moved; hehe :P

THANK YOU! :P

Posted (edited)

Hi ivy :P

Yes, there is still work to do, because I can see infected items.

Having your desktop back will make the job easier for us :P

Can you please run this online scan?

Make sure the ActiveX controls are configured correctly in Internet Options, as described at this link => Cybersécurité

  • Run a Kaspersky online scan
  • Click Accept
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will install; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop, name the report "rapport Kaspersky", and in the save-type field choose "text files", then save the report.

Copy and paste the entire contents of the open text file: right-click in it, then Select All / Copy.

Paste this report into your reply on the forum.

Help in case of problems: Cybersécurité

NOTE: The scan must be run with Internet Explorer.

I'll analyze your report in detail in the meantime... :P

Edit: I'll read your reply later (after work)....

Edited by charles ingals
Posted

Ugh, nasty stuff (the infected items)! :P

OK, here is the Kaspersky report :P

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, December 03, 2007 9:51:50 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 3/12/2007

Kaspersky Anti-Virus database records: 471314

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 32450

Number of viruses found: 2

Number of infected objects: 2

Number of suspicious objects: 0

Duration of the scan process: 01:20:52

 

Infected Object Name / Virus Name / Last Action

C:\Deckard\System Scanner\backup\DOCUME~1\ivy\LOCALS~1\Temp\joboemfaDR2V1PE.dll Infected: Trojan.Win32.Inject.mf skipped


C:\Program Files\Fichiers communs\System\VRv.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\wBvblAK.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\wda.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\wekR.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\WwP.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\wYFI.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\wyR.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\Wze.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\wZI.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\XhP.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\Xop.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\XWp.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\YbTGsu.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\YdD.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\yJa.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\yrJRxxY.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\yYfVBnh.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\yYv.exe Object is locked skipped

C:\Program Files\Fichiers communs\System\ZNc.exe Object is locked skipped

C:\Program Files\Fichiers communs\trV.exe Object is locked skipped

C:\Program Files\Fichiers communs\uHFiI.exe Object is locked skipped

C:\Program Files\Windows NT\AZWgXH.exe Object is locked skipped

C:\Program Files\Windows NT\BdS.exe Object is locked skipped

C:\Program Files\Windows NT\BIa.exe Object is locked skipped

C:\Program Files\Windows NT\bmyzkP.exe Object is locked skipped

C:\Program Files\Windows NT\BYDxiW.exe Object is locked skipped

C:\Program Files\Windows NT\CbZ.exe Object is locked skipped

C:\Program Files\Windows NT\cGXDims.exe Object is locked skipped

C:\Program Files\Windows NT\CQGC.exe Object is locked skipped

C:\Program Files\Windows NT\czLuC.exe Object is locked skipped

C:\Program Files\Windows NT\Dgtu.exe Object is locked skipped

C:\Program Files\Windows NT\djq.exe Object is locked skipped

C:\Program Files\Windows NT\dOa.exe Object is locked skipped

C:\Program Files\Windows NT\dsALfM.exe Object is locked skipped

C:\Program Files\Windows NT\Eap.exe Object is locked skipped

C:\Program Files\Windows NT\EBamZD.exe Object is locked skipped

C:\Program Files\Windows NT\Ejzu.exe Object is locked skipped

C:\Program Files\Windows NT\ekTHRM.exe Object is locked skipped

C:\Program Files\Windows NT\fbC.exe Object is locked skipped

C:\Program Files\Windows NT\FjP.exe Object is locked skipped

C:\Program Files\Windows NT\Fny.exe Object is locked skipped

C:\Program Files\Windows NT\FTyPCdC.exe Object is locked skipped

C:\Program Files\Windows NT\gRvgy.exe Object is locked skipped

C:\Program Files\Windows NT\grzp.exe Object is locked skipped

C:\Program Files\Windows NT\HSMzef.exe Object is locked skipped

C:\Program Files\Windows NT\IkRK.exe Object is locked skipped

C:\Program Files\Windows NT\iuf.exe Object is locked skipped

C:\Program Files\Windows NT\ixJR.exe Object is locked skipped

C:\Program Files\Windows NT\jCD.exe Object is locked skipped

C:\Program Files\Windows NT\jMrjh.exe Object is locked skipped

C:\Program Files\Windows NT\Joocfm.exe Object is locked skipped

C:\Program Files\Windows NT\jze.exe Object is locked skipped

C:\Program Files\Windows NT\kEknr.exe Object is locked skipped

C:\Program Files\Windows NT\KgwYjx.exe Object is locked skipped

C:\Program Files\Windows NT\KmW.exe Object is locked skipped

C:\Program Files\Windows NT\KsClOfv.exe Object is locked skipped

C:\Program Files\Windows NT\Kzg.exe Object is locked skipped

C:\Program Files\Windows NT\lpg.exe Object is locked skipped

C:\Program Files\Windows NT\lZfNVmX.exe Object is locked skipped

C:\Program Files\Windows NT\Mgj.exe Object is locked skipped

C:\Program Files\Windows NT\MOxW.exe Object is locked skipped

C:\Program Files\Windows NT\mTBoVkL.exe Object is locked skipped

C:\Program Files\Windows NT\Myj.exe Object is locked skipped

C:\Program Files\Windows NT\nEjoHu.exe Object is locked skipped

C:\Program Files\Windows NT\NMZ.exe Object is locked skipped

C:\Program Files\Windows NT\ogHoQvD.exe Object is locked skipped

C:\Program Files\Windows NT\oNM.exe Object is locked skipped

C:\Program Files\Windows NT\oOG.exe Object is locked skipped

C:\Program Files\Windows NT\oxl.exe Object is locked skipped

C:\Program Files\Windows NT\ozXOpPD.exe Object is locked skipped

C:\Program Files\Windows NT\PQA.exe Object is locked skipped

C:\Program Files\Windows NT\pUeeL.exe Object is locked skipped

C:\Program Files\Windows NT\PUh.exe Object is locked skipped

C:\Program Files\Windows NT\Pyq.exe Object is locked skipped

C:\Program Files\Windows NT\qiJfn.exe Object is locked skipped

C:\Program Files\Windows NT\qjGhsg.exe Object is locked skipped

C:\Program Files\Windows NT\qjRn.exe Object is locked skipped

C:\Program Files\Windows NT\qSH.exe Object is locked skipped

C:\Program Files\Windows NT\rGgBN.exe Object is locked skipped

C:\Program Files\Windows NT\RJu.exe Object is locked skipped

C:\Program Files\Windows NT\rQj.exe Object is locked skipped

C:\Program Files\Windows NT\RtE.exe Object is locked skipped

C:\Program Files\Windows NT\SgmGXW.exe Object is locked skipped

C:\Program Files\Windows NT\sLB.exe Object is locked skipped

C:\Program Files\Windows NT\tDh.exe Object is locked skipped

C:\Program Files\Windows NT\tSYjwr.exe Object is locked skipped

C:\Program Files\Windows NT\txTDxY.exe Object is locked skipped

C:\Program Files\Windows NT\VnumAi.exe Object is locked skipped

C:\Program Files\Windows NT\vUn.exe Object is locked skipped

C:\Program Files\Windows NT\VzzzOg.exe Object is locked skipped

C:\Program Files\Windows NT\wAUHwC.exe Object is locked skipped

C:\Program Files\Windows NT\WCY.exe Object is locked skipped

C:\Program Files\Windows NT\WhG.exe Object is locked skipped

C:\Program Files\Windows NT\WIBuA.exe Object is locked skipped

C:\Program Files\Windows NT\wqC.exe Object is locked skipped

C:\Program Files\Windows NT\wxe.exe Object is locked skipped

C:\Program Files\Windows NT\wzLYwEV.exe Object is locked skipped

C:\Program Files\Windows NT\xHdTg.exe Object is locked skipped

C:\Program Files\Windows NT\YFE.exe Object is locked skipped

C:\Program Files\Windows NT\yMixM.exe Object is locked skipped

C:\Program Files\Windows NT\yrx.exe Object is locked skipped

C:\Program Files\Windows NT\YVR.exe Object is locked skipped

C:\Program Files\Windows NT\ZoV.exe Object is locked skipped

C:\System Volume Information\catalog.wci000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci010003.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{947B204D-DF9D-44C1-BEBD-153D18DDFEE1}\RP38\A0038205.exe Infected: Trojan-Downloader.Win32.Agent.fpg skipped


 

Scan process completed.

 

thanks :P

sorry to add to your workload :P

 

good night :P

Posted (edited)

Hi again!

 

The PC is infected by a rootkit; I'm going to prepare a special procedure for you to try to eliminate it :P

 

ivy, start right away by backing up the data you need, because a format is not out of the question...

 

Edited!!

Edited by charles ingals
Posted (edited)

We are going to try to use a program dedicated to this infection to eliminate it >

 

1) Start by disabling the Avast antivirus, because it may interfere with the program.

To do this, click the "Pause" button before starting the scan > avastimage5wi.jpg

 

2) Download to your desktop > "Gromozon Rootkit Removal Tool"

 

Launch the program and click the Scan button > a window will open and ask you to temporarily disable your antivirus for the duration of the scan (do it if you haven't already!) then click the OK button

 

3) At the end of the scan, a report will be created; it is named gromozon_removal.log and is located in the C:\ directory > post it!

Edited by charles ingals
Posted

one small thing to add in passing: yesterday, I had 20% free space on the hard drive. today, I only have 2% left.

obviously, I haven't downloaded anything apart from the software recommended right here :P

 

easy cleaner can't delete some unneeded files (the IE history, files and cookies folders are normally clean):

 

 

Nom Taille Type Modifié Attr. Version du fichier Version du produit

C:\Documents and Settings\ivy\Local Settings\Historique\History.IE5 0 04/12/2007 00:52:22 S

C:\Documents and Settings\ivy\Local Settings\Historique\History.IE5\MSHist012007120420071205 0 04/12/2007 00:02:04 S

C:\Documents and Settings\ivy\Local Settings\Temporary Internet Files\Content.IE5 0 03/12/2007 22:48:50 S

C:\Documents and Settings\ivy\Local Settings\Temporary Internet Files\Content.IE5\IPVKT4JE 0 Dossier 04/12/2007 01:06:52 S

C:\WINDOWS\Temp\ZLT0348e.TMP 256 Fichier TMP 03/12/2007 12:38:24 A

C:\WINDOWS\Temp\ZLT034c5.TMP 256 Fichier TMP 03/12/2007 12:38:42 A

C:\Documents and Settings\ivy\Local Settings\Temp\Perflib_Perfdata_2ee0.dat 16384 Fichier DAT 03/12/2007 19:16:38 A

C:\Documents and Settings\ivy\Local Settings\Historique\History.IE5\index.dat 278528 04/12/2007 00:59:44 A

C:\Documents and Settings\ivy\Local Settings\Temporary Internet Files\Content.IE5\index.dat 2260992 Fichier DAT 04/12/2007 01:05:06 A

C:\System Volume Information\catalog.wci\propstor.bk1 4198912 Fichier BK1 04/12/2007 01:09:50 A

C:\System Volume Information\catalog.wci\propstor.bk2 4198912 Fichier BK2 04/12/2007 01:09:52 A

 

there, it's probably related to the rest :P

 

(oh dear, while trying to post, I just saw the 23:41 message. I'm looking at it right away).

 

thanks :P

Posted

hehe!

 

OK, try running the program and post the report > I'll read it tomorrow :P

Don't forget > start backing up your data, because the rootkit may resist, in which case only a format will get rid of it!

I'll recommend another procedure if Gromozon Rootkit Removal Tool doesn't disinfect it.

 

good night :P

Posted
  charles ingals said:
We are going to try to use a program dedicated to this infection to eliminate it >

 

1) Start by disabling the Avast antivirus, because it may interfere with the program.

To do this, click the "Pause" button before starting the scan > avastimage5wi.jpg

 

2) Download to your desktop > "Gromozon Rootkit Removal Tool"

 

Launch the program and click the Scan button > a window will open and ask you to temporarily disable your antivirus for the duration of the scan (do it if you haven't already!) then click the OK button

 

3) At the end of the scan, a report will be created; it is named gromozon_removal.log and is located in the C:\ directory > post it!

hm, problem :P

 

all the pages that offer the "gromozon rootkit removal tool" are inaccessible to me. I get the classic IE message saying that the page is temporarily unavailable (all other sites work, no problem with IE) and that I should try again later. but it never works.

 

while looking for another download source on google, I saw that other people had a similar problem: unable to access the tool when they were infected.

 

I found this site, but I'm a bit scared (I haven't done anything, I'm waiting for the green light... or red :P):

http://thepiratebay.org/tor/3538707/Gromoz...it_Removal_Tool

 

it says "download this torrent" (torrent ???).

 

there, I'm waiting for instructions.

 

thanks.
