zizoum

Merci infiniment je vais suivre tes conseils et j'essayerais de tirer le maximum de ce que tu viens de poster je reprond confiance dans le forum, car ma première expérience a conduit a effacer des fichier système avec OTM suivi par un blocage que même le technicien de DELL n'a pu résoudre, mais cette fois c'est impécable

Merci pour tout, ma machine fonctionne super bien et j'ai retrouvé des débits internet normaux content d'être utile a+

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:17:34, on 26/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\cheheb-z\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100409 serial=DR12WCX-1306682-EYW lang=FR O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Windows rom driver service] C:\WINDOWS\System32\winrom.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- End of file - 7221 bytes

d'accord mais comment dois-je l'envoyé?

========== PROCESSES ========== Process explorer.exe killed successfully! ========== FILES ========== C:\windows\system32\winrom.exe moved successfully. ========== REGISTRY ========== Registry key HKEY LOCAL MACHINE/Software/Microsoft/Windows/CurrentVersion/run\\"Windows rom driver service"\ not found. ========== COMMANDS ========== Error: Unable to interpret <[zip^files]> in the current context! OTM by OldTimer - Version 3.0.0.6 log created on 09262009_160258

j'ai déjà essyaé d'éliminer ça avec MBAM mais il n'arrive a le faire meme après redémarrage le résultat d'analyse est le suivant Fichier winrom.exe reçu le 2009.09.26 13:46:28 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.24 2009.09.26 Worm.Win32.Pushbot!IK AhnLab-V3 5.0.0.2 2009.09.26 - AntiVir 7.9.1.25 2009.09.25 - Antiy-AVL 2.0.3.7 2009.09.25 Trojan/Win32.Buzus.gen Authentium 5.1.2.4 2009.09.25 - Avast 4.8.1351.0 2009.09.26 Win32:Rootkit-gen AVG 8.5.0.412 2009.09.26 Generic14.BDBH BitDefender 7.2 2009.09.26 - CAT-QuickHeal 10.00 2009.09.26 - ClamAV 0.94.1 2009.09.26 - Comodo 2444 2009.09.26 - DrWeb 5.0.0.12182 2009.09.26 Trojan.Packed.154 eSafe 7.0.17.0 2009.09.24 - eTrust-Vet None 2009.09.25 - F-Prot 4.5.1.85 2009.09.25 - F-Secure 8.0.14470.0 2009.09.26 Trojan.Win32.Inject.ajfn Fortinet 3.120.0.0 2009.09.26 - GData 19 2009.09.26 Win32:Rootkit-gen Ikarus T3.1.1.72.0 2009.09.26 Worm.Win32.Pushbot Jiangmin 11.0.800 2009.09.26 Trojan/Buzus.psj K7AntiVirus 7.10.855 2009.09.26 - Kaspersky 7.0.0.125 2009.09.26 Trojan.Win32.Inject.ajfn McAfee 5752 2009.09.25 - McAfee+Artemis 5752 2009.09.25 Suspect-29!107367ECD4EA McAfee-GW-Edition 6.8.5 2009.09.26 - Microsoft 1.5005 2009.09.23 - NOD32 4459 2009.09.26 a variant of Win32/Injector.AAT Norman 6.01.09 2009.09.26 - nProtect 2009.1.8.0 2009.09.26 - Panda 10.0.2.2 2009.09.25 W32/P2PWorm.CL.worm PCTools 4.4.2.0 2009.09.25 - Prevx 3.0 2009.09.26 Medium Risk Malware Rising 21.48.52.00 2009.09.26 - Sophos 4.45.0 2009.09.26 - Sunbelt 3.2.1858.2 2009.09.26 - Symantec 1.4.4.12 2009.09.26 Trojan Horse TheHacker 6.5.0.2.019 2009.09.26 - TrendMicro 8.950.0.1094 2009.09.25 - VBA32 3.12.10.11 2009.09.25 - ViRobot 2009.9.26.1958 2009.09.26 Trojan.Win32.Agent.138240.V VirusBuster 4.6.5.0 2009.09.25 - Information additionnelle File size: 53248 bytes MD5...: 107367ecd4ea01b2018620c1a457f242 SHA1..: 21fa85fe497a837e5969b4ae04f94fbd9b4fcd4d SHA256: 413603406f2279c2388d3325a5f45a437d1cb4b2b608275075568e14d1a49855 ssdeep: 768:S88C3KzEBcwnLFjL0NiVuN4bHEplJfqzCz9HH2G6wNM7Rygg5Bx:So6AFLF8<br>M04bHEplJfqzCz9HHVXM1G<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4708<br>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br>machinetype.......: 0x14c (I386)<br><br>( 8 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>CODE 0x1000 0x8890 0x8a00 5.18 616457bf0b231a7ab6d38e88cc492465<br>DATA 0xa000 0x174 0x200 3.48 4341f5dc1997786f9e1e314cfc62d20b<br>BSS 0xb000 0xbe5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.idata 0xc000 0x3d0 0x400 4.22 817d49a5985930ba62b82e4cb8db5bfe<br>.tls 0xd000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rdata 0xe000 0x18 0x200 0.20 c13eb612b1d80faefe8c755e4342631e<br>.reloc 0xf000 0x75c 0x800 6.51 cfd3440ad20d12581b4c3866f2aceed7<br>.rsrc 0x10000 0x30d0 0x3200 7.33 45fc2f66173ced2be94a04160ff616a5<br><br>( 6 imports ) <br>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle<br>> user32.dll: GetKeyboardType, MessageBoxA<br>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<br>> oleaut32.dll: SysFreeString, SysReAllocStringLen<br>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<br>> kernel32.dll: LoadLibraryExA, FindResourceA<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: Win32 Executable Generic (38.4%)<br>Win32 Dynamic Link Library (generic) (34.1%)<br>Win16/32 Executable Delphi generic (9.3%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=5B1620F6009F94B3D06F002B0C8539003AC5E6D5''>http://info.prevx.com/aboutprogramtext.asp?PX5=5B1620F6009F94B3D06F002B0C8539003AC5E6D5' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=5B1620F6009F94B3D06F002B0C8539003AC5E6D5</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=5B1620F6009F94B3D06F002B0C8539003AC5E6D5</a> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.24 2009.09.26 Worm.Win32.Pushbot!IK AhnLab-V3 5.0.0.2 2009.09.26 - AntiVir 7.9.1.25 2009.09.25 - Antiy-AVL 2.0.3.7 2009.09.25 Trojan/Win32.Buzus.gen Authentium 5.1.2.4 2009.09.25 - Avast 4.8.1351.0 2009.09.26 Win32:Rootkit-gen AVG 8.5.0.412 2009.09.26 Generic14.BDBH BitDefender 7.2 2009.09.26 - CAT-QuickHeal 10.00 2009.09.26 - ClamAV 0.94.1 2009.09.26 - Comodo 2444 2009.09.26 - DrWeb 5.0.0.12182 2009.09.26 Trojan.Packed.154 eSafe 7.0.17.0 2009.09.24 - eTrust-Vet None 2009.09.25 - F-Prot 4.5.1.85 2009.09.25 - F-Secure 8.0.14470.0 2009.09.26 Trojan.Win32.Inject.ajfn Fortinet 3.120.0.0 2009.09.26 - GData 19 2009.09.26 Win32:Rootkit-gen Ikarus T3.1.1.72.0 2009.09.26 Worm.Win32.Pushbot Jiangmin 11.0.800 2009.09.26 Trojan/Buzus.psj K7AntiVirus 7.10.855 2009.09.26 - Kaspersky 7.0.0.125 2009.09.26 Trojan.Win32.Inject.ajfn McAfee 5752 2009.09.25 - McAfee+Artemis 5752 2009.09.25 Suspect-29!107367ECD4EA McAfee-GW-Edition 6.8.5 2009.09.26 - Microsoft 1.5005 2009.09.23 - NOD32 4459 2009.09.26 a variant of Win32/Injector.AAT Norman 6.01.09 2009.09.26 - nProtect 2009.1.8.0 2009.09.26 - Panda 10.0.2.2 2009.09.25 W32/P2PWorm.CL.worm PCTools 4.4.2.0 2009.09.25 - Prevx 3.0 2009.09.26 Medium Risk Malware Rising 21.48.52.00 2009.09.26 - Sophos 4.45.0 2009.09.26 - Sunbelt 3.2.1858.2 2009.09.26 - Symantec 1.4.4.12 2009.09.26 Trojan Horse TheHacker 6.5.0.2.019 2009.09.26 - TrendMicro 8.950.0.1094 2009.09.25 - VBA32 3.12.10.11 2009.09.25 - ViRobot 2009.9.26.1958 2009.09.26 Trojan.Win32.Agent.138240.V VirusBuster 4.6.5.0 2009.09.25 - Information additionnelle File size: 53248 bytes MD5...: 107367ecd4ea01b2018620c1a457f242 SHA1..: 21fa85fe497a837e5969b4ae04f94fbd9b4fcd4d SHA256: 413603406f2279c2388d3325a5f45a437d1cb4b2b608275075568e14d1a49855 ssdeep: 768:S88C3KzEBcwnLFjL0NiVuN4bHEplJfqzCz9HH2G6wNM7Rygg5Bx:So6AFLF8<br>M04bHEplJfqzCz9HHVXM1G<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4708<br>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br>machinetype.......: 0x14c (I386)<br><br>( 8 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>CODE 0x1000 0x8890 0x8a00 5.18 616457bf0b231a7ab6d38e88cc492465<br>DATA 0xa000 0x174 0x200 3.48 4341f5dc1997786f9e1e314cfc62d20b<br>BSS 0xb000 0xbe5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.idata 0xc000 0x3d0 0x400 4.22 817d49a5985930ba62b82e4cb8db5bfe<br>.tls 0xd000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rdata 0xe000 0x18 0x200 0.20 c13eb612b1d80faefe8c755e4342631e<br>.reloc 0xf000 0x75c 0x800 6.51 cfd3440ad20d12581b4c3866f2aceed7<br>.rsrc 0x10000 0x30d0 0x3200 7.33 45fc2f66173ced2be94a04160ff616a5<br><br>( 6 imports ) <br>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle<br>> user32.dll: GetKeyboardType, MessageBoxA<br>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<br>> oleaut32.dll: SysFreeString, SysReAllocStringLen<br>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<br>> kernel32.dll: LoadLibraryExA, FindResourceA<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: Win32 Executable Generic (38.4%)<br>Win32 Dynamic Link Library (generic) (34.1%)<br>Win16/32 Executable Delphi generic (9.3%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=5B1620F6009F94B3D06F002B0C8539003AC5E6D5' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=5B1620F6009F94B3D06F002B0C8539003AC5E6D5</a>

bonjour le rapport est le suivant Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:27:21, on 26/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\cheheb-z\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100409 serial=DR12WCX-1306682-EYW lang=FR O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Windows rom driver service] C:\WINDOWS\System32\winrom.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- End of file - 7175 bytes

Merci pour ton aide rapide et efficace

vous avez raison MBAM ne reconnait plus le fichier dll comme menace. il me reste qu'une seule alerte que je sai pas si je dois éliminer: un HKEY_LOCAL Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2861 Windows 5.1.2600 Service Pack 3 26/09/2009 10:30:54 mbam-log-2009-09-26 (10-30-52).txt Type de recherche: Examen rapide Eléments examinés: 103274 Temps écoulé: 1 minute(s), 49 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Merci pour les réponses j'espère que le système va bien

mise à jour ok le rapport: Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2857 Windows 5.1.2600 Service Pack 3 25/09/2009 11:56:46 mbam-log-2009-09-25 (11-56-42).txt Type de recherche: Examen rapide Eléments examinés: 102931 Temps écoulé: 1 minute(s), 36 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301414438586445483634456446343641424738615 248395356345138614674688380848071856156747969808884014753613686838370798555708384 748079615674797780728079] Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\msvcrt2.dll (Trojan.Donbot) -> No action taken. [3857535134305383807566791537807967808513010652585237425106617884876883851915697 777]

le résultat est le suivant Fichier msvcrt2.dll reçu le 2009.09.25 09:44:14 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.24 2009.09.25 - AhnLab-V3 5.0.0.2 2009.09.24 - AntiVir 7.9.1.25 2009.09.25 - Antiy-AVL 2.0.3.7 2009.09.25 - Authentium 5.1.2.4 2009.09.25 - Avast 4.8.1351.0 2009.09.24 - AVG 8.5.0.412 2009.09.25 - BitDefender 7.2 2009.09.25 - CAT-QuickHeal 10.00 2009.09.25 - ClamAV 0.94.1 2009.09.25 - Comodo 2430 2009.09.25 - DrWeb 5.0.0.12182 2009.09.25 - eSafe 7.0.17.0 2009.09.24 - eTrust-Vet 31.6.6760 2009.09.25 - F-Prot 4.5.1.85 2009.09.24 - F-Secure 8.0.14470.0 2009.09.25 - Fortinet 3.120.0.0 2009.09.25 - GData 19 2009.09.25 - Ikarus T3.1.1.72.0 2009.09.25 - Jiangmin 11.0.800 2009.09.25 - K7AntiVirus 7.10.853 2009.09.24 - Kaspersky 7.0.0.125 2009.09.25 - McAfee 5751 2009.09.24 - McAfee+Artemis 5751 2009.09.24 - McAfee-GW-Edition 6.8.5 2009.09.25 - Microsoft 1.5005 2009.09.23 - NOD32 4456 2009.09.25 - Norman 6.01.09 2009.09.24 - nProtect 2009.1.8.0 2009.09.25 - Panda 10.0.2.2 2009.09.24 - PCTools 4.4.2.0 2009.09.24 - Prevx 3.0 2009.09.25 - Rising 21.48.42.00 2009.09.25 - Sophos 4.45.0 2009.09.25 - Sunbelt 3.2.1858.2 2009.09.24 - Symantec 1.4.4.12 2009.09.25 - TheHacker 6.5.0.2.017 2009.09.24 - TrendMicro 8.950.0.1094 2009.09.25 - VBA32 3.12.10.11 2009.09.25 - ViRobot 2009.9.25.1954 2009.09.25 - VirusBuster 4.6.5.0 2009.09.24 - Information additionnelle File size: 102582 bytes MD5...: 1a7f3ee99520dbece26a1fdeef958ecd SHA1..: ecff96c2072230cd5444138b05969c4cfcfea3b8 SHA256: 21f62cc76a36fe3eba9902a771694efa296bf8884f272503de814548382b58ef ssdeep: 3072:Be4bETSz4bj/TiZIordoWLH1353Nb39QVv:vbP4P/tor2WLH1p9b9Cv<br> PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: Unknown! sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.24 2009.09.25 - AhnLab-V3 5.0.0.2 2009.09.24 - AntiVir 7.9.1.25 2009.09.25 - Antiy-AVL 2.0.3.7 2009.09.25 - Authentium 5.1.2.4 2009.09.25 - Avast 4.8.1351.0 2009.09.24 - AVG 8.5.0.412 2009.09.25 - BitDefender 7.2 2009.09.25 - CAT-QuickHeal 10.00 2009.09.25 - ClamAV 0.94.1 2009.09.25 - Comodo 2430 2009.09.25 - DrWeb 5.0.0.12182 2009.09.25 - eSafe 7.0.17.0 2009.09.24 - eTrust-Vet 31.6.6760 2009.09.25 - F-Prot 4.5.1.85 2009.09.24 - F-Secure 8.0.14470.0 2009.09.25 - Fortinet 3.120.0.0 2009.09.25 - GData 19 2009.09.25 - Ikarus T3.1.1.72.0 2009.09.25 - Jiangmin 11.0.800 2009.09.25 - K7AntiVirus 7.10.853 2009.09.24 - Kaspersky 7.0.0.125 2009.09.25 - McAfee 5751 2009.09.24 - McAfee+Artemis 5751 2009.09.24 - McAfee-GW-Edition 6.8.5 2009.09.25 - Microsoft 1.5005 2009.09.23 - NOD32 4456 2009.09.25 - Norman 6.01.09 2009.09.24 - nProtect 2009.1.8.0 2009.09.25 - Panda 10.0.2.2 2009.09.24 - PCTools 4.4.2.0 2009.09.24 - Prevx 3.0 2009.09.25 - Rising 21.48.42.00 2009.09.25 - Sophos 4.45.0 2009.09.25 - Sunbelt 3.2.1858.2 2009.09.24 - Symantec 1.4.4.12 2009.09.25 - TheHacker 6.5.0.2.017 2009.09.24 - TrendMicro 8.950.0.1094 2009.09.25 - VBA32 3.12.10.11 2009.09.25 - ViRobot 2009.9.25.1954 2009.09.25 - VirusBuster 4.6.5.0 2009.09.24 - Information additionnelle File size: 102582 bytes MD5...: 1a7f3ee99520dbece26a1fdeef958ecd SHA1..: ecff96c2072230cd5444138b05969c4cfcfea3b8 SHA256: 21f62cc76a36fe3eba9902a771694efa296bf8884f272503de814548382b58ef ssdeep: 3072:Be4bETSz4bj/TiZIordoWLH1353Nb39QVv:vbP4P/tor2WLH1p9b9Cv<br> PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: Unknown! sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

le rapport est le suivant Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2857 Windows 5.1.2600 Service Pack 3 25/09/2009 11:36:33 mbam-log-2009-09-25 (11-36-24).txt Type de recherche: Examen rapide Eléments examinés: 102921 Temps écoulé: 1 minute(s), 36 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\msvcrt2.dll (Trojan.Donbot) -> No action taken. merci

Bonjour en analysant mon système avec malwarebytes, il identifie msvcrt2.dll (dans sys32) comme une menace et demande a le supprimer. j'ai des mauvaise expérience avec la suppression des .dll qui m'a coûter le formatage de mon pc il ya pas longtemps alors je voudrais savoir si msvcrt2.dll est réellment une menace ou un fichier système qu'il faut pas toucher? merci

plusieurs essais, même message: windows ne trouve pas "catchme.exe" catchme.exe est enregistré sur le bureau

j'ai effectuer l'analyse, j'ai obtenue le rapport .log suivant catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-13 10:13:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\" "h0"=dword:00000000 "ujdew"=hex:cf,3e,49,bd,67,25,d3,99,b7,c4,f8,75,a9,b6,27,51,b8,20,c8,9f,b2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\" "h0"=dword:00000000 "ujdew"=hex:cf,3e,49,bd,67,25,d3,99,b7,c4,f8,75,a9,b6,27,51,b8,20,c8,9f,b2,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0

bonjour pas de soucis de fonctionnement apparent pour le moment mais après un passage McAfee le trojan sysdrv32.sys (dans le fichier C:\WINDOWS\system32) résiste encore

merci pour l'aide j'ai suivi toutes les instruction. j'ai eu un probleme pour generer le rapport OTM: en fait quand je clique sur moveit j'otient a droite 'all proces killed" mais quand je ferme OTM le systeme bloque et je suis obliger a redemarer. dans C:otm j'obtien que des dossiers vide. le nouveau rapport est le suivant Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:09:31, on 12/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\MATLAB701\webserver\bin\win32\matlabserver.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe c:\matlab701\bin\win32\matlab.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\cheheb-z\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cri.univ-nantes.fr/cache.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.160.20:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071509 serial=DR12WCX-1306682-EYW lang=FR O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celartem.com/en/download/data...ntrol_fr_FR.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://nomade.univ-nantes.fr/dana-cached/s...perSetupSP1.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Service Google Update (gupdate1c9f7de6e6d2c7e) (gupdate1c9f7de6e6d2c7e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- End of file - 9206 bytes

Bonjour depuis quelques jours mon Pc tourne au ralenti et la connexion internet est anormale (ralentissement, coupures..). en faisant un scan avec McAfee je trouve ça: sysdrv32.sys (generic Rootkit.g) localisé dans: C:\WINDOWS\system32\drivers à chauqe fois qu'il est supprimé, il suffit de redémarrer le pc pour le retrouvé. le rapport d'analyse de mon système est le suivant: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:26:23, on 12/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\MATLAB701\webserver\bin\win32\matlabserver.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe c:\matlab701\bin\win32\matlab.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\WINDOWS\system\msdct.exe C:\WINDOWS\system\msdct.exe C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DivX\DivX Player\DivX Player.exe C:\Documents and Settings\cheheb-z\Bureau\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cri.univ-nantes.fr/cache.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.160.20:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071509 serial=DR12WCX-1306682-EYW lang=FR O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celartem.com/en/download/data...ntrol_fr_FR.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://nomade.univ-nantes.fr/dana-cached/s...perSetupSP1.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Service Google Update (gupdate1c9f7de6e6d2c7e) (gupdate1c9f7de6e6d2c7e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe O23 - Service: WM System Decode Application - Unknown owner - C:\WINDOWS\system\msdct.exe -- End of file - 9581 bytes Merci pour vôtre aide