Problem with a stubborn virus - it keeps coming back

After cleaning with CCleaner, Ad-Aware, Spybot, Stinger, Anti-Trojan 5.5 and the avast! cleaner, while being protected by ZoneAlarm and having closed the ports with ZebProtect and XP-AntiSpy, my antivirus, VirusKeeper Pro 2006, alerts me that I am infected by "edlm.exe", which is in Windows\System32\. How can I get rid of it? Being a novice, it is not easy. I am using Windows XP Pro SP2. Thank you for helping me, and good luck to this site. As read earlier in your forum, here is the HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 22:35:23, on 22/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VirusKeeper 2006 Pro\VirusKeeper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\system32\MGE\RunSC.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\MGE\PCtl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Micro Application\Internet Anonyme 2\CGhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bruno\Bureau\Protections\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Bugnosis - {3A6514CD-A457-11D4-8AF3-000102686B79} - C:\Program Files\Bugnosis\WebBug.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60DF4425-F36F-42D7-AECF-A409EBE4558C} - C:\PROGRA~1\MICROA~1\INTERN~1\tbcghost.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: SimonTools - {CC48EB38-F950-48C0-9F22-D64F829AE3DF} - C:\PROGRA~1\MICROA~1\INTERN~1\tbcghost.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bugnosis - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - C:\Program Files\Bugnosis\WebBug.dll
O4 - HKLM\…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 - HKLM\…\Run: [VirusKeeper] C:\Program Files\VirusKeeper 2006 Pro\VirusKeeper.exe
O4 - HKLM\…\Run: [awxDTools] rundll32 C:\PROGRA~1\D-Tools\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\…\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\…\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\…\Run: [SpeedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM\…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\…\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\…\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\…\Run: [CursorXP] “C:\Program Files\CursorXP\CursorXP.exe” -s
O4 - HKCU\…\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\…\Run: [CyberGhost2006] “C:\Program Files\Micro Application\Internet Anonyme 2\CGhost.exe” min
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l’anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra ‘Tools’ menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra ‘Tools’ menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra ‘Tools’ menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra ‘Tools’ menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra ‘Tools’ menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra ‘Tools’ menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\…\{2A31D54D-AF26-4679-AA64-50F4AC3063BA}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Attached is a report from RootkitRevealer:

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 15/04/2006 20:38 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 15/04/2006 22:58 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\RootCertExtraction 22/04/2006 22:50 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 15/04/2006 22:59 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Skwat_ADSLAutoconnect\PALETTE\TOT_UP 22/04/2006 22:49 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Skwat_ADSLAutoconnect\PALETTE\TOT_DOWN 22/04/2006 22:49 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40 22/04/2006 21:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf41 15/04/2006 22:16 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf42 15/04/2006 22:16 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf43 15/04/2006 22:16 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\Vax347s\Config\jdgg40 15/04/2006 23:01 0 bytes Hidden from Windows API.
C:\$AttrDef 15/04/2006 15:23 2.50 KB Hidden from Windows API.
C:\$BadClus 15/04/2006 15:23 0 bytes Hidden from Windows API.
C:\$BadClus:$Bad 15/04/2006 15:23 115.04 GB Hidden from Windows API.
C:\$Bitmap 15/04/2006 15:23 3.59 MB Hidden from Windows API.
C:\$Boot 15/04/2006 15:23 8.00 KB Hidden from Windows API.
C:\$Extend 15/04/2006 15:23 0 bytes Hidden from Windows API.
C:\$Extend\$ObjId 15/04/2006 15:23 0 bytes Hidden from Windows API.
C:\$Extend\$Quota 15/04/2006 15:23 0 bytes Hidden from Windows API.
C:\$Extend\$Reparse 15/04/2006 15:23 0 bytes Hidden from Windows API.
C:\$LogFile 15/04/2006 15:23 64.00 MB Hidden from Windows API.
C:\$MFT 15/04/2006 15:23 143.09 MB Hidden from Windows API.
C:\$MFTMirr 15/04/2006 15:23 4.00 KB Hidden from Windows API.
C:\$Secure 15/04/2006 15:23 0 bytes Hidden from Windows API.
C:\$UpCase 15/04/2006 15:23 128.00 KB Hidden from Windows API.
C:\$Volume 15/04/2006 15:23 0 bytes Hidden from Windows API.

Well, there is quite a mess in there! :ane:

First of all, running two antivirus programs, avast! and VirusKeeper, at the same time is not really recommended!

And then two programs to stay anonymous on the net, you must be doing things that are not quite above board ... :confused:

Next, you should clean up what launches at startup ...

For your problem:

Disable System Restore, empty the temporary Internet files, then restart in Safe Mode.

Then delete this file: ldr64.dll, which is in C:\WINDOWS\SYSTEM32\

If you cannot manage it, use this: Unlocker

This utility identifies the process that is locking a file. Unlocker lets you unlock the file so that it can be deleted normally!

Once that is done, restart, run HijackThis again and fix these lines:

O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O17 - HKLM\System\CCS\Services\Tcpip\…\{2A31D54D-AF26-4679-AA64-50F4AC3063BA}: NameServer = 80.10.246.130 80.10.246.3

O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
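To make the reading of the log above reproducible, here is an added Python script; it is not part of the thread and not a feature of HijackThis. It parses HijackThis entry lines and pulls out the ones a reviewer checks first: O20 Winlogon Notify DLLs, which winlogon.exe loads at every logon before any desktop cleanup tool runs (HijackThis 1.99 only lists packages that are not part of a default Windows install); O4 Run entries that name a bare file with no directory, so the copy that actually runs depends on the search path; O17 DNS server settings, to be checked against what the ISP hands out; and O23 services whose binary is missing. The sample log is a constructed excerpt of the lines posted above, and the severity levels and rules are this example's own heuristics.

```python
"""Triage of HijackThis (v1.99) log entries.

Added example, not part of the forum thread or of the HijackThis project.
The rules below are assumed review heuristics, not HijackThis output.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of the lines from the log posted above,
# written with the "\..\" that HijackThis prints for the Run key path.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\VirusKeeper 2006 Pro\VirusKeeper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A31D54D-AF26-4679-AA64-50F4AC3063BA}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First token ending in an executable-looking extension after the [Name] tag.
O4_TARGET_RE = re.compile(r"\]\s*\"?(.+?\.(?:exe|dll|com|scr|bat|cmd))\b", re.I)


@dataclass
class Finding:
    section: str
    severity: str   # "high", "medium" or "low"
    line: str
    reason: str


def parse_entries(text):
    """Return (section, body, raw_line) for every HijackThis entry line."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2), raw.strip()))
    return out


def o4_target(body):
    """Extract the program an O4 Run entry launches, or '' if none is found."""
    m = O4_TARGET_RE.search(body)
    return m.group(1) if m else ""


def triage(text):
    """Apply the review heuristics and return the entries worth a closer look."""
    findings = []
    for section, body, raw in parse_entries(text):
        if section == "O20":
            # Winlogon Notify DLLs are loaded into winlogon.exe at every logon,
            # before the desktop appears; HijackThis only lists non-default ones.
            findings.append(Finding(section, "high", raw,
                "Winlogon Notify DLL: runs inside winlogon.exe at each logon"))
        elif section == "O4":
            target = o4_target(body)
            if target and "\\" not in target and ":" not in target:
                # No directory given: Windows resolves the name through the
                # search path, so which copy actually runs depends on PATH.
                findings.append(Finding(section, "medium", raw,
                    f"bare file name {target!r} resolved via search path"))
        elif section == "O17":
            m = re.search(r"NameServer\s*=\s*(.+)$", body)
            servers = m.group(1).split() if m else []
            findings.append(Finding(section, "medium", raw,
                "DNS servers set in the registry, confirm they are your ISP's: "
                + ", ".join(servers)))
        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding(section, "low", raw,
                "service points at a binary that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run on the excerpt, the only high-severity finding is the O20 line, which matches the advice above: as long as the notify DLL is registered it is loaded at every logon, so deleting only the dropped executable does not end the reinfection.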

:hello: Thanks for your help, but could you tell me how to disable System Restore, and does CCleaner delete the temporary Internet files?

Thank you all. See you later, I am starting on this repair.

:super: Thank you for your help. Apparently the problem is solved; I will see after a longer period of use. I would like to learn to interpret the HijackThis file like you do, as it seems effective for tracking down a problem.
I do not understand how I caught this nasty thing, as I do not visit porn or crack sites, so it is a mystery.
Thanks again and see you soon, in other circumstances.

:jap:

Thanks for the help, everything is OK.

Hello,

Likewise, for a few months I have been having Denial of Service problems. It has been slowing down my PC all this time. So I downloaded RootkitRevealer to find out whether I have any rootkits. I have put the RootkitRevealer output below.

Could you:

  1. Tell me what all this gibberish means. (I have 2 other PCs with similar gibberish, so I need to understand it.)
  2. Tell me what to do to remove the rootkit(s) present on my PC.

Thank you in advance, because at this point I no longer know what to do.

HKLM\S-1-5-21-1715567821-823518204-725345543-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1002\Filename 02/10/2006 19:46 11 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1715567821-823518204-725345543-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1002\Description 02/10/2006 19:46 25 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1715567821-823518204-725345543-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1003\Filename 08/10/2006 20:05 11 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1715567821-823518204-725345543-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1003\Description 08/10/2006 20:05 25 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 03/12/2006 01:33 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 03/12/2006 01:33 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 03/12/2006 01:33 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 03/12/2006 01:33 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Control\GroupOrderList\Boot Bus Extender 23/12/2006 11:46 32 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 01/10/2006 21:04 0 bytes Access is denied.
C:\Documents and Settings\ROMASSE\Application Data\Mozilla\Firefox\Profiles\jyspfz06.default\metrics.xml 28/12/2006 11:18 0 bytes Hidden from Windows API.
C:\Documents and Settings\ROMASSE\Application Data\Mozilla\Firefox\Profiles\jyspfz06.default\parent.lock 28/12/2006 11:10 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\ AAA_MP3 10/12/2006 19:00 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\ Battlefield.2.PC.Multilenguaje.www.GameDonkey.net 12/12/2006 16:57 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\ RECYCLER 10/10/2006 16:22 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\ System Volume Information 10/10/2006 10:48 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\ VIDEO 12/12/2006 16:53 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\AAA_MP3\Zucchero - Baila Morena.mp3 19/04/2006 21:01 3.77 MB Hidden from Windows API.
M:\RECYCLER 10/10/2006 17:22 0 bytes Hidden from Windows API.
M:\RECYCLER\ . 10/10/2006 16:22 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\ … 10/10/2006 16:22 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\ S-1-5-21-1606980848-842925246-725345543-1003 19/09/2006 11:58 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\ S-1-5-21-1715567821-823518204-725345543-1003 26/12/2006 17:11 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003 19/09/2006 12:58 0 bytes Hidden from Windows API.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\ . 19/09/2006 11:58 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\ … 19/09/2006 11:58 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\ 20 INFO2 25/09/2006 21:43 20 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\ 65 desktop.ini 19/09/2006 11:58 65 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\desktop.ini 19/09/2006 12:58 65 bytes Hidden from Windows API.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\INFO2 25/09/2006 22:43 20 bytes Hidden from Windows API.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003 26/12/2006 17:11 0 bytes Hidden from Windows API.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003\ . 26/12/2006 17:11 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003\ … 26/12/2006 17:11 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003\ 20 INFO2 26/12/2006 17:11 20 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003\ 65 desktop.ini 26/12/2006 17:11 65 bytes Visible in Windows API, but not in MFT or directory index.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003\desktop.ini 26/12/2006 17:11 65 bytes Hidden from Windows API.
M:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1003\INFO2 26/12/2006 17:11 20 bytes Hidden from Windows API.
M:\ROMASSEDANCING.avi 09/12/2006 19:55 554.63 MB Hidden from Windows API.
M:\System Volume Information 10/10/2006 11:48 0 bytes Hidden from Windows API.
M:\System Volume Information\ . 10/10/2006 10:48 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\ … 10/10/2006 10:48 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\ _restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE} 27/12/2006 06:37 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\ _restore{E128F010-9862-446A-AA9E-0037C26397B9} 24/09/2006 21:55 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\ 0 MountPointManagerRemoteDatabase 05/10/2006 15:55 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\ 20 480 tracking.log 19/09/2006 11:48 20 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE} 27/12/2006 06:37 0 bytes Hidden from Windows API.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ . 27/12/2006 06:37 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ … 27/12/2006 06:37 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP100 13/12/2006 07:34 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP105 17/12/2006 17:04 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP111 21/12/2006 19:52 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP117 25/12/2006 04:37 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP119 27/12/2006 06:37 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP98 11/12/2006 05:34 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\ RP99 12/12/2006 06:34 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\RP100 13/12/2006 07:34 0 bytes Hidden from Windows API.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\RP100\ . 13/12/2006 07:34 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\RP100\ … 13/12/2006 07:34 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\RP100\ 8 RestorePointSize 13/12/2006 07:34 8 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{8021116B-862F-4928-84C2-6E1A4AD4EEAE}\RP100\ 1 008 change.log.1 12/12/2006 16:57 1 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\ RP25 25/09/2006 18:42 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13 14/09/2006 14:20 0 bytes Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13\ . 14/09/2006 13:20 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13\ … 14/09/2006 13:20 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13\ 8 RestorePointSize 14/09/2006 13:50 8 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13\106 928 change.log.1 14/09/2006 09:26 106 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13\change.log.1 14/09/2006 10:26 104.42 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP13\RestorePointSize 14/09/2006 14:50 8 bytes Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14 15/09/2006 14:48 0 bytes Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\ . 15/09/2006 13:48 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\ … 15/09/2006 13:48 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\593 217 A0008799.psp 11/05/2002 17:51 1 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\648 233 A0008787.psp 11/05/2002 12:37 648 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\692 224 A0008817.exe 25/09/2001 19:16 692 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\726 037 A0008803.exe 10/10/2001 20:06 1 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\758 632 A0008790.psp 11/05/2002 18:05 1 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\889 763 A0008806.EXE 22/07/2001 10:45 889 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\928 296 A0008791.psp 11/05/2002 17:59 1 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008780.ini 13/09/2006 12:50 65 bytes Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008781.psp 11/05/2002 13:43 993.41 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008807.exe 05/10/2001 23:19 1.48 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008808.exe 24/09/2001 22:46 76.03 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008809.exe 19/09/2001 22:09 4.20 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008810.EXE 19/09/2001 22:01 261.39 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008811.exe 17/09/2001 21:33 3.14 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008812.exe 27/09/2001 20:13 99.05 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008813.exe 27/09/2001 20:19 2.43 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008814.exe 25/09/2001 21:01 2.92 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008815.exe 05/10/2001 22:35 301.09 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008816.exe 25/09/2001 20:46 3.96 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008817.exe 25/09/2001 20:16 676.00 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\A0008818.exe 10/09/2001 20:51 8.97 MB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\change.log.1 14/09/2006 16:46 51.42 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP14\RestorePointSize 15/09/2006 18:25 8 bytes Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP15 16/09/2006 14:54 0 bytes Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP15\ . 16/09/2006 13:54 0 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP25\ 8 RestorePointSize 25/09/2006 19:41 8 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP25\ 9 062 change.log.1 24/09/2006 22:02 9 bytes Visible in Windows API, but not in MFT or directory index.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP25\change.log.1 24/09/2006 23:02 8.85 KB Hidden from Windows API.
M:\System Volume Information\_restore{E128F010-9862-446A-AA9E-0037C26397B9}\RP25\RestorePointSize 25/09/2006 20:41 8 bytes Hidden from Windows API.
M:\System Volume Information\MountPointManagerRemoteDatabase 05/10/2006 16:55 0 bytes Hidden from Windows API.
M:\System Volume Information\tracking.log 19/09/2006 12:48 20.00 KB Hidden from Windows API.
M:\VIDEO 12/12/2006 16:53 0 bytes Hidden from Windows API.

Of course, I have not included all the lines, otherwise I would have blown up the server ;).
Sorry for the formatting; I can change it if you ask me to, but tell me how I should change it.

Thanks in advance!
:’(
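An added example for the question of what the RootkitRevealer lines mean; it is not part of the thread or of the Sysinternals tool. RootkitRevealer runs two scans, one through the Windows API and one by parsing the raw registry hives and the raw NTFS structures, and reports every difference: "Hidden from Windows API" means the raw scan sees an object the API does not; "Visible in Windows API, but not in MFT or directory index" is the reverse; "Data mismatch between Windows API and raw hive data" means a value differed between the two passes; "Key name contains embedded nulls" means a key whose name holds NUL characters, which the Win32 registry API (and so regedit) cannot open. Not every discrepancy is a rootkit: the NTFS metafiles ($MFT, $LogFile and the rest) always show up, values that change during the scan (counters such as TOT_UP and TOT_DOWN) produce mismatches, and the virtual CD drivers of DAEMON Tools and Alcohol 120% (sptd, d347prt, Vax347s, all present in these logs) hide or lock their own configuration keys. The classifier below encodes those rules; the categories, priorities and the driver allowlist are assumptions made for this example, and the sample lines are copied from the two reports above.

```python
"""Classify RootkitRevealer discrepancy lines by how much attention they need.

Added example, not part of the thread or of the Sysinternals tool. The
categories and the allowlist of virtual-drive driver names are assumptions.
"""
import re
from collections import Counter

# Constructed sample: a few lines copied from the two reports posted above.
SAMPLE_REPORT = r"""
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 15/04/2006 20:38 0 bytes Key name contains embedded nulls ()
HKLM\SOFTWARE\Skwat_ADSLAutoconnect\PALETTE\TOT_UP 22/04/2006 22:49 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40 22/04/2006 21:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 01/10/2006 21:04 0 bytes Access is denied.
C:\$MFT 15/04/2006 15:23 143.09 MB Hidden from Windows API.
C:\Documents and Settings\ROMASSE\Application Data\Mozilla\Firefox\Profiles\jyspfz06.default\metrics.xml 28/12/2006 11:18 0 bytes Hidden from Windows API.
M:\RECYCLER\S-1-5-21-1606980848-842925246-725345543-1003\ 65 desktop.ini 19/09/2006 11:58 65 bytes Visible in Windows API, but not in MFT or directory index.
"""

# path, date, time, size, unit, description (paths may contain spaces, so the
# path is matched lazily up to the first dd/mm/yyyy date)
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<unit>bytes|KB|MB|GB)\s+(?P<desc>.+?)\s*$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Assumed allowlist: kernel drivers of the DAEMON Tools / Alcohol 120% virtual
# CD drives, which hide or lock their own config keys. Anything else hidden
# under \Services\ stays suspicious.
VIRTUAL_DRIVE_DRIVERS = {"sptd", "d347prt", "vax347s"}


def parse_line(line):
    """Split one report line into its fields, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["bytes"] = int(float(d["size"]) * UNIT[d["unit"]])
    return d


def service_name(path):
    """Service key name if the path lies under a \\Services\\ key, else None."""
    m = re.search(r"\\Services\\([^\\]+)", path, re.I)
    return m.group(1).lower() if m else None


def classify(entry):
    """Return (category, priority) for one parsed line."""
    path, desc = entry["path"], entry["desc"]
    if desc.startswith("Key name contains embedded nulls"):
        # The Win32 registry API cannot open such keys, so regedit never shows
        # them; used by rootkits, but also by some copy-protection software.
        return "embedded_null_key", "review"
    if desc.startswith("Data mismatch"):
        # Value changed between the API pass and the raw hive pass; counters
        # like TOT_UP/TOT_DOWN do this. Re-scan before treating it as hiding.
        return "volatile_value", "low"
    if desc.startswith("Access is denied"):
        if service_name(path) in VIRTUAL_DRIVE_DRIVERS:
            return "known_virtual_drive_driver", "low"
        return "locked_key", "review"
    if desc.startswith("Hidden from Windows API"):
        if re.match(r"^[A-Za-z]:\\\$", path):
            # $MFT, $LogFile, ... are NTFS metafiles; the tool always lists them.
            return "ntfs_metafile", "expected"
        if service_name(path) in VIRTUAL_DRIVE_DRIVERS:
            return "known_virtual_drive_driver", "low"
        # A real file or key the API cannot see: the case worth investigating.
        return "hidden_object", "high"
    if desc.startswith("Visible in Windows API"):
        # Seen by the API but absent from the raw index, usually because the
        # entry changed during the scan. Confirm by re-scanning.
        return "index_mismatch", "low"
    return "other", "review"


def analyze(report):
    """Parse every line of a report and attach category and priority."""
    results = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry:
            entry["category"], entry["priority"] = classify(entry)
            results.append(entry)
    return results


def summarize(report):
    """Count how many lines fall into each category."""
    return Counter(e["category"] for e in analyze(report))


if __name__ == "__main__":
    for e in sorted(analyze(SAMPLE_REPORT), key=lambda e: e["priority"] != "high"):
        print(f"{e['priority']:8} {e['category']:26} {e['path']}")
```

On the sample, the only high-priority line is the Firefox metrics.xml entry; the NTFS metafiles, the driver keys and the counter mismatch are sorted out as expected or low. A second run on the same machine is the cheapest confirmation: artifacts from values changing mid-scan come and go, while a genuinely hidden object is reported every time.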