Virus startdrv.exe

Closed
raph1992 - 12 Dec. 2007 at 16:49
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 - 20 Dec. 2007 at 13:07
Hello everyone!! I have a big problem: for some time now I have had a virus named "startdrv.exe", located in the folder C:\Windows\temp, but my antivirus cannot delete it or quarantine it!! I was already told to boot in safe mode and run Spybot, Ad-Aware and my antivirus, but that changed nothing!! Please, I really need help, because my PC is no longer running very fast and it's really annoying!!
Thanks in advance ;) see you
10 replies

Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
12 Dec. 2007 at 23:57
Hello,

1) Click this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

2) Double-click HJTInstall.exe to run the program

By default it installs here:
C:\Program Files\Trend Micro\HijackThis

Accept the licence by clicking the "I Accept" button

Choose the option "Do a system scan and save a log file"

Click "Save log" to save the report, which will open in Notepad

Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report

Paste the report you just copied on this forum

Do NOT fix any line yet; doing so could stop your PC from working properly


Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (do not fix anything for now!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

1 download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


and save it to the desktop.

2 double-click combofix.exe and follow the instructions

3 at the end it will produce a report C:\ComboFix.txt

4 copy/paste that report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:39, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
ComboFix 07-12-15.5 - HP_Administrateur 2007-12-15 16:10:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.32.1036.18.435 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrateur\Application Data\DriveCleaner Free
C:\Documents and Settings\HP_Administrateur\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\HP_Administrateur\err.log
C:\WA6P
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\fo-remove.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\UpMedia
D:\Autorun.inf
C:\WINDOWS\system32\drivers\runtime2.sys . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_NTMLSVC
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\NtmlSvc


((((((((((((((((((((((((((((( Fichiers créés 2007-11-15 to 2007-12-15 ))))))))))))))))))))))))))))))))))))
.

2007-12-15 15:34 . 2007-12-15 15:34 <REP> d-------- C:\Program Files\Trend Micro
2007-12-15 15:08 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-15 15:08 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-15 15:08 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-15 15:08 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-15 15:08 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-13 06:19 . 2007-12-13 06:19 <REP> d-------- C:\Program Files\iPod
2007-12-13 06:19 . 2007-12-15 15:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 06:19 . 2007-12-13 06:19 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 06:18 . 2007-12-13 06:19 <REP> d-------- C:\Program Files\iTunes
2007-12-13 06:16 . 2007-12-13 06:17 <REP> d-------- C:\Program Files\QuickTime
2007-12-12 16:27 . 2007-12-12 16:31 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-02 21:56 . 2007-12-02 21:56 <REP> d-------- C:\Program Files\DVD Decrypter
2007-11-30 22:19 . 2007-11-30 22:19 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-22 21:03 . 2007-11-22 21:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft
2007-11-22 21:02 . 2007-11-22 21:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-22 21:02 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 15:06 . 2007-11-20 15:06 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
2007-11-20 14:49 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2007-11-20 14:49 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-11-20 14:49 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-11-20 14:49 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-11-20 14:49 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-11-20 14:48 . 2007-11-20 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-11-20 14:48 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-11-20 14:48 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-11-20 14:48 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-11-20 14:48 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2007-11-20 14:48 . 2006-10-18 16:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-20 14:48 . 2007-01-13 08:27 98,304 --a------ C:\WINDOWS\system32\CddbLangFRSony.dll
2007-11-20 14:48 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-11-20 14:47 . 2007-11-20 14:49 <REP> d-------- C:\Program Files\Sony
2007-11-20 14:46 . 2007-11-20 14:47 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-11-20 14:46 . 2007-11-20 15:06 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Sony Corporation
2007-11-16 15:39 . 2004-01-27 17:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-11-16 15:39 . 2003-05-05 18:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2007-11-16 15:39 . 2004-04-15 11:10 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2007-11-16 15:39 . 2003-05-05 14:00 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-11-16 15:38 . 2007-11-16 15:39 <REP> d-------- C:\Program Files\ANI
2007-11-16 15:38 . 2003-09-18 19:03 1,163,337 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-11-16 15:38 . 2004-04-19 15:03 557,056 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-11-16 15:38 . 2004-05-13 19:50 208,896 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-11-16 15:38 . 2004-02-03 17:20 192,512 --a------ C:\WINDOWS\system32\aIPH.dll
2007-11-16 15:38 . 2004-03-12 15:33 118,784 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-11-16 15:38 . 2003-12-19 17:14 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-11-16 15:38 . 2003-06-03 18:23 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 14:42 --------- d-----w C:\Program Files\SP2 Connection Patcher
2007-12-15 14:08 --------- d-----w C:\Program Files\Electronic Arts
2007-12-15 14:03 --------- d-----w C:\Program Files\eMule
2007-12-01 02:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-23 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 10:33 --------- d-----w C:\Program Files\PartyGaming
2007-11-16 14:40 --------- d-----w C:\Program Files\DivX
2007-11-16 14:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-15 20:45 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2007-11-13 13:41 --------- d-----w C:\Program Files\Red Kawa
2007-11-13 13:41 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 05:35 --------- d-----w C:\Program Files\Adverts
2007-10-31 13:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-28 12:34 --------- d-----w C:\Program Files\BitDefender
2007-10-26 21:32 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 21:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-25 13:15 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\temp
2007-10-23 13:47 --------- d-----w C:\Program Files\Ubisoft
2007-10-22 13:07 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-22 12:14 --------- d-----w C:\Program Files\Macrogaming
2007-10-22 12:10 --------- d-----w C:\Program Files\Jasc Software Inc
2007-10-22 12:05 --------- d-----w C:\Program Files\BoontyGames
2007-10-22 12:04 --------- d-----w C:\Program Files\Boonty
2007-10-22 11:53 --------- d-----w C:\Program Files\Ashampoo
2007-09-11 16:56 0 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-03-10 09:32 384 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb6334.dat
2007-03-10 09:31 194 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb8467.dat
2007-03-10 09:31 18,432 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb41.dat
2007-03-01 21:09 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-01-31 17:50 8 --sh--r C:\WINDOWS\system32\CD41767FEB.sys
2007-01-31 17:50 2,514 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 19:11]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 12:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34]
"ftutil2"="ftutil2.dll" [2004-06-07 06:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 18:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-20 18:06 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 14:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 14:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 22:11]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 18:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys

*Newly Created Service* - ENTDRV51
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-15 15:00:00 C:\WINDOWS\Tasks\ABB364439185156B.job"
- c:\docume~1\hp_adm~1\applic~1\joybir~1\vcmaildent.exe
"2007-12-12 22:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 14:51:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 16:21:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-15 16:23:48 - machine was rebooted
.
2007-12-12 15:36:45 --- E O F ---
0
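The helper reading the two reports above is applying a handful of heuristics by eye: an autorun that points into a Temp directory (the `[startdrv] C:\WINDOWS\Temp\startdrv.exe` line in the HijackThis log), a scheduled task whose target sits under a user profile's Application Data behind 8.3 short names (the ABB364439185156B.job entry in the ComboFix report), a service whose binary carries no publisher name, and entries whose file no longer exists. The following Python script is an added example, not code from this thread, from HijackThis or from ComboFix; it encodes those same heuristics as a triage pass over log lines. The sample lines are copied from the reports quoted above; the rules, their wording and the assumption that legitimate autoruns rarely live in Temp or profile data directories are my own, not a signature database.

```python
import re

# Constructed sample: lines copied from the HijackThis and ComboFix reports
# quoted in this thread, plus benign entries for contrast.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r"O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe",
    r'O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033',
    r"O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe",
    r"R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"- c:\docume~1\hp_adm~1\applic~1\joybir~1\vcmaildent.exe",
]

# HijackThis O4 autorun line: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis O23 service line: "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix scheduled-task target line: "- <drive>:\<path>"
TASK_RE = re.compile(r"^- (?P<path>[A-Za-z]:\\.+)$")


def executable_path(cmd):
    """Return the program part of a Run-key command: the quoted path if quoted,
    otherwise everything before the first ' /' or ' -' argument switch."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r"\s[/-]", cmd)
    return cmd[: m.start()] if m else cmd


def path_findings(path):
    """Location heuristics (my own assumptions): where persistent autoruns
    rarely belong on a healthy Windows XP install."""
    p = path.lower()
    findings = []
    if "\\temp\\" in p or "\\tmp\\" in p:
        findings.append("runs from a Temp directory")
    if any(d in p for d in ("\\application data\\", "\\applic~1\\",
                            "\\local settings\\", "\\locals~1\\")):
        findings.append("runs from a user-profile data directory")
    # 8.3 short names are normal for Program Files installers (PROGRA~1),
    # less so for binaries hiding under a profile directory.
    if "~" in p and "\\progra~1\\" not in p:
        findings.append("uses 8.3 short-name path components outside Program Files")
    return findings


def triage_line(line):
    """Return a list of findings for one report line (empty = nothing to report)."""
    line = line.strip()
    if line.endswith("(no file)"):
        return ["registered component file is missing (stale or removed entry)"]
    m = O4_RE.match(line)
    if m:
        path = executable_path(m.group("cmd"))
        return [f"O4 [{m.group('name')}]: {note}" for note in path_findings(path)]
    m = O23_RE.match(line)
    if m:
        findings = path_findings(m.group("path"))
        if m.group("owner") == "Unknown owner":
            findings.append("service binary carries no publisher name")
        return [f"O23 {m.group('name')}: {note}" for note in findings]
    m = TASK_RE.match(line)
    if m:
        return [f"scheduled task target: {note}" for note in path_findings(m.group("path"))]
    return []


def triage(lines):
    """Map each noteworthy line to its findings; quiet lines are omitted."""
    return {line: findings for line in lines if (findings := triage_line(line))}


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LINES).items():
        print(line)
        for note in findings:
            print("   ->", note)
```

Run against the whole ComboFix and HijackThis output, the script highlights the same four things a helper would circle first; it deliberately leaves the Program Files short-name entry (ISUSPM) and the quoted DAEMON Tools command alone, since those patterns are common in legitimate installers. The output is a review list, not a verdict: a Temp-directory autorun is worth investigating, not automatically deleting, which is also why the reply above says not to fix any line yet.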
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
15 Dec. 2007 at 18:02
Hello,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Then go through the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart because the tool will continue running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt in your next reply on the forum, along with a new HijackThis log!
0

SDFix: Version 1.118

Run by HP_Administrateur on 16/12/2007 at 11:19

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\HP_ADM~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\LOG.TMP - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 11:36:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:873930cc
"s2"=dword:d89c76af
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5f,4c,b1,8e,0f,c8,a5,d0,fd,9c,a6,d6,d9,db,6d,4a,3f,02,73,d2,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f8,50,a9,58,39,c9,67,f3,f0,d6,80,c0,3c,7f,63,a1,de,..
"khjeh"=hex:23,09,07,a1,04,38,6f,48,71,38,35,5b,95,bf,7e,6f,54,30,f1,d4,3a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:31,3d,c7,55,1b,92,45,3c,a8,d0,07,ba,e0,10,50,c5,79,ed,8e,bc,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5f,4c,b1,8e,0f,c8,a5,d0,fd,9c,a6,d6,d9,db,6d,4a,3f,02,73,d2,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f8,50,a9,58,39,c9,67,f3,f0,d6,80,c0,3c,7f,63,a1,de,..
"khjeh"=hex:23,09,07,a1,04,38,6f,48,71,38,35,5b,95,bf,7e,6f,54,30,f1,d4,3a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:31,3d,c7,55,1b,92,45,3c,a8,d0,07,ba,e0,10,50,c5,79,ed,8e,bc,89,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\gangsta-titi@hotmail.com\DFSR\Staging\CS{7A86AE87-B1E1-35FC-7851-CBA158896E62}\01\13-{7A86AE87-B1E1-35FC-7851-CBA158896E62}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\micho@duarte.com\DFSR\Staging\CS{B26A7AE6-B5E3-8842-9032-1A114589FE59}\01\10-{B26A7AE6-B5E3-8842-9032-1A114589FE59}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\princesse_nim@hotmail.com\DFSR\Staging\CS{0848B3B9-C6FE-AEA6-8A9D-BD8F9468968A}\01\12-{0848B3B9-C6FE-AEA6-8A9D-BD8F9468968A}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\yan7_yeah@hotmail.com\DFSR\Staging\CS{99101B32-E71A-1778-E7AB-7BBA811D8295}\01\11-{99101B32-E71A-1778-E7AB-7BBA811D8295}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\raphdulux@hotmail.com\SharingMetadata\tino-berodt@hotmail.com\DFSR\Staging\CS{50689F4E-D4EC-5E9E-064E-BCABF627B89C}\01\11-{50689F4E-D4EC-5E9E-064E-BCABF627B89C}-v1-{D5C161C9-A5DE-464B-89C0-0971FCBAD875}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\tino-berodt@hotmail.com\SharingMetadata\barcalona_amine@hotmail.com\DFSR\Staging\CS{615BF464-8AE6-CEBE-5F68-4E947A96CFE7}\01\10-{615BF464-8AE6-CEBE-5F68-4E947A96CFE7}-v1-{8E83EF6A-3137-41C7-904F-A6A22A3E4904}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\tino-berodt@hotmail.com\SharingMetadata\damelisa@mail.pt\DFSR\Staging\CS{A99B4DA1-C6E5-0857-635B-79705A6E2045}\01\11-{A99B4DA1-C6E5-0857-635B-79705A6E2045}-v1-{8E83EF6A-3137-41C7-904F-A6A22A3E4904}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\HP_ADM~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 27 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
Mon 17 Sep 2007 24 A.SH. --- "C:\WINDOWS\SECFE67C0.tmp"
Wed 10 Oct 2007 625,152 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Thu 12 Jul 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 1 Mar 2007 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 31 Jan 2007 8 ..SHR --- "C:\WINDOWS\system32\CD41767FEB.sys"
Wed 31 Jan 2007 2,514 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 3 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Jun 2007 38,912 ...H. --- "C:\Documents and Settings\HP_Administrateur\Mes documents\~WRL0005.tmp"
Sat 3 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 29 Sep 2007 17,228,144 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6658f544763a012c23109e05e811db81\BIT15.tmp"
Thu 12 Jul 2007 3,518,240 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ee602afd918de13cd9376208d4aa041\BIT30F.tmp"
Sat 29 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c728fd35e0fbfbad19770aaa8086c1e4\BIT18.tmp"
Mon 4 Jun 2007 38,400 ...H. --- "C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Word\~WRL2582.tmp"
Mon 4 Jun 2007 28,160 ...H. --- "C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Word\~WRL2944.tmp"
Sat 15 Dec 2007 2,158 ...HR --- "C:\Documents and Settings\HP_Administrateur\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 27 Dec 2006 9,506 A.SH. --- "C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!
0
Here is something I just found on my desktop named "catchme", I'm sending you a copy
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 11:36:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:873930cc
"s2"=dword:d89c76af
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5f,4c,b1,8e,0f,c8,a5,d0,fd,9c,a6,d6,d9,db,6d,4a,3f,02,73,d2,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f8,50,a9,58,39,c9,67,f3,f0,d6,80,c0,3c,7f,63,a1,de,..
"khjeh"=hex:23,09,07,a1,04,38,6f,48,71,38,35,5b,95,bf,7e,6f,54,30,f1,d4,3a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:31,3d,c7,55,1b,92,45,3c,a8,d0,07,ba,e0,10,50,c5,79,ed,8e,bc,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5f,4c,b1,8e,0f,c8,a5,d0,fd,9c,a6,d6,d9,db,6d,4a,3f,02,73,d2,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f8,50,a9,58,39,c9,67,f3,f0,d6,80,c0,3c,7f,63,a1,de,..
"khjeh"=hex:23,09,07,a1,04,38,6f,48,71,38,35,5b,95,bf,7e,6f,54,30,f1,d4,3a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:31,3d,c7,55,1b,92,45,3c,a8,d0,07,ba,e0,10,50,c5,79,ed,8e,bc,89,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\gangsta-titi@hotmail.com\DFSR\Staging\CS{7A86AE87-B1E1-35FC-7851-CBA158896E62}\01\13-{7A86AE87-B1E1-35FC-7851-CBA158896E62}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\micho@duarte.com\DFSR\Staging\CS{B26A7AE6-B5E3-8842-9032-1A114589FE59}\01\10-{B26A7AE6-B5E3-8842-9032-1A114589FE59}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\princesse_nim@hotmail.com\DFSR\Staging\CS{0848B3B9-C6FE-AEA6-8A9D-BD8F9468968A}\01\12-{0848B3B9-C6FE-AEA6-8A9D-BD8F9468968A}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\princess.celia@hotmail.com\SharingMetadata\yan7_yeah@hotmail.com\DFSR\Staging\CS{99101B32-E71A-1778-E7AB-7BBA811D8295}\01\11-{99101B32-E71A-1778-E7AB-7BBA811D8295}-v1-{187C90A3-1F5A-43C8-B1D7-F0EEF56D47D5}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\raphdulux@hotmail.com\SharingMetadata\tino-berodt@hotmail.com\DFSR\Staging\CS{50689F4E-D4EC-5E9E-064E-BCABF627B89C}\01\11-{50689F4E-D4EC-5E9E-064E-BCABF627B89C}-v1-{D5C161C9-A5DE-464B-89C0-0971FCBAD875}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\tino-berodt@hotmail.com\SharingMetadata\barcalona_amine@hotmail.com\DFSR\Staging\CS{615BF464-8AE6-CEBE-5F68-4E947A96CFE7}\01\10-{615BF464-8AE6-CEBE-5F68-4E947A96CFE7}-v1-{8E83EF6A-3137-41C7-904F-A6A22A3E4904}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\tino-berodt@hotmail.com\SharingMetadata\damelisa@mail.pt\DFSR\Staging\CS{A99B4DA1-C6E5-0857-635B-79705A6E2045}\01\11-{A99B4DA1-C6E5-0857-635B-79705A6E2045}-v1-{8E83EF6A-3137-41C7-904F-A6A22A3E4904}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:21, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Lyonnais92 (Security contributor)
16 Dec 2007 at 13:49
Hello,

can you run Combofix again and post the report, thanks.
0
ComboFix 07-12-15.5 - HP_Administrateur 2007-12-20 10:14:38.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.32.1036.18.434 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.

2007-12-16 19:46 . 2007-12-16 19:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-16 19:46 . 2007-12-17 17:28 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 19:45 . 2007-12-17 17:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 11:19 . 2007-12-16 11:19 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-15 15:34 . 2007-12-15 15:34 <REP> d-------- C:\Program Files\Trend Micro
2007-12-15 15:08 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-15 15:08 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-15 15:08 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-15 15:08 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-15 15:08 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-13 06:19 . 2007-12-13 06:19 <REP> d-------- C:\Program Files\iPod
2007-12-13 06:19 . 2007-12-20 10:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 06:19 . 2007-12-13 06:19 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 06:18 . 2007-12-13 06:19 <REP> d-------- C:\Program Files\iTunes
2007-12-13 06:16 . 2007-12-13 06:17 <REP> d-------- C:\Program Files\QuickTime
2007-12-12 16:27 . 2007-12-12 16:31 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-02 21:56 . 2007-12-02 21:56 <REP> d-------- C:\Program Files\DVD Decrypter
2007-11-30 22:19 . 2007-11-30 22:19 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-22 21:03 . 2007-11-22 21:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft
2007-11-22 21:02 . 2007-11-22 21:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-22 21:02 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 15:06 . 2007-11-20 15:06 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
2007-11-20 14:49 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2007-11-20 14:49 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-11-20 14:49 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-11-20 14:49 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-11-20 14:49 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-11-20 14:48 . 2007-11-20 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-11-20 14:48 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-11-20 14:48 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-11-20 14:48 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-11-20 14:48 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2007-11-20 14:48 . 2006-10-18 16:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-20 14:48 . 2007-01-13 08:27 98,304 --a------ C:\WINDOWS\system32\CddbLangFRSony.dll
2007-11-20 14:48 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-11-20 14:47 . 2007-11-20 14:49 <REP> d-------- C:\Program Files\Sony
2007-11-20 14:46 . 2007-11-20 14:47 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-11-20 14:46 . 2007-11-20 15:06 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Sony Corporation

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 09:10 --------- d-----w C:\Program Files\SP2 Connection Patcher
2007-12-19 09:21 --------- d-----w C:\Program Files\eMule
2007-12-15 14:08 --------- d-----w C:\Program Files\Electronic Arts
2007-12-01 02:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-23 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 10:33 --------- d-----w C:\Program Files\PartyGaming
2007-11-16 14:40 --------- d-----w C:\Program Files\DivX
2007-11-16 14:39 --------- d-----w C:\Program Files\ANI
2007-11-16 14:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-15 20:45 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2007-11-13 13:41 --------- d-----w C:\Program Files\Red Kawa
2007-11-13 13:41 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 05:35 --------- d-----w C:\Program Files\Adverts
2007-10-31 13:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-28 12:34 --------- d-----w C:\Program Files\BitDefender
2007-10-26 21:32 --------- d-----w C:\Program Files\MSN Messenger
2007-10-26 21:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-25 13:15 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\temp
2007-10-23 13:47 --------- d-----w C:\Program Files\Ubisoft
2007-10-22 13:07 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-22 12:14 --------- d-----w C:\Program Files\Macrogaming
2007-10-22 12:10 --------- d-----w C:\Program Files\Jasc Software Inc
2007-10-22 12:05 --------- d-----w C:\Program Files\BoontyGames
2007-10-22 12:04 --------- d-----w C:\Program Files\Boonty
2007-10-22 11:53 --------- d-----w C:\Program Files\Ashampoo
2007-09-11 16:56 0 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-03-10 09:32 384 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb6334.dat
2007-03-10 09:31 194 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb8467.dat
2007-03-10 09:31 18,432 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb41.dat
2007-03-01 21:09 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-01-31 17:50 8 --sh--r C:\WINDOWS\system32\CD41767FEB.sys
2007-01-31 17:50 2,514 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-15_16.23.21.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-13 12:23:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-16 10:19:17 6,086,656 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-16 10:19:17 192,512 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-13 12:23:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-16 10:19:15 6,086,656 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-16 10:19:16 192,512 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-08-11 14:59:28 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2007-12-15 16:10:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 19:11]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 12:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34]
"ftutil2"="ftutil2.dll" [2004-06-07 06:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 18:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-20 18:06 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 14:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 14:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 22:11]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 18:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 10:00:00 C:\WINDOWS\Tasks\ABB364439185156B.job"
- c:\docume~1\hp_adm~1\applic~1\joybir~1\vcmaildent.exe
"2007-12-19 22:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-20 09:51:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 11:02:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-20 11:05:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-15 16:23
.
2007-12-12 15:36:45 --- E O F ---
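An added example, not part of the poster's log or of ComboFix: a small Python script that pulls the "Scheduled Tasks" entries out of a ComboFix log in the layout shown above (a quoted timestamp plus .job path, followed by a "- target" line when ComboFix knows the target) and flags the ones worth a second look. The two heuristics are my own assumptions, not ComboFix rules: a .job whose name is nothing but a long hex string, and a target that runs from a user's Application Data, Local Settings or a temp directory. The sample log text is constructed from the entries in the post; ABB364439185156B.job launching vcmaildent.exe from applic~1\joybir~1 is exactly the kind of entry both rules catch.

```python
import re

# Constructed sample: the Scheduled Tasks section as ComboFix printed it in the post above.
SAMPLE_LOG = """\
Contents of the 'Scheduled Tasks' folder
"2007-12-20 10:00:00 C:\\WINDOWS\\Tasks\\ABB364439185156B.job"
- c:\\docume~1\\hp_adm~1\\applic~1\\joybir~1\\vcmaildent.exe
"2007-12-19 22:38:02 C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job"
- C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe
"2007-12-20 09:51:01 C:\\WINDOWS\\Tasks\\Vérifier les mises à jour de Windows Live Toolbar.job"
.
"""

# ComboFix prints each task as "<timestamp> <path to .job>" in quotes, then "- <target>" when known.
JOB_RE = re.compile(r'^"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>.+\.job)"$', re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+)$")

# Assumption: directories from which a legitimate scheduled task rarely runs on XP.
# Short (8.3) forms are included because ComboFix prints some targets that way.
PROFILE_DIRS = re.compile(
    r"\\(applic~1|application data|locals~1|local settings|temp)\\", re.IGNORECASE
)
# Assumption: a .job name that is only 12+ hex digits is machine-generated, not a vendor name.
RANDOM_NAME = re.compile(r"^[0-9A-F]{12,}$", re.IGNORECASE)


def parse_jobs(log_text):
    """Return [{'time', 'job', 'target'}] for every task entry found in a ComboFix log."""
    jobs = []
    lines = [line.strip() for line in log_text.splitlines()]
    i = 0
    while i < len(lines):
        m = JOB_RE.match(lines[i])
        if m:
            target = None
            if i + 1 < len(lines):
                t = TARGET_RE.match(lines[i + 1])
                if t:
                    target = t.group("target")
                    i += 1  # consume the target line
            jobs.append({"time": m.group("ts"), "job": m.group("job"), "target": target})
        i += 1
    return jobs


def assess(job):
    """List the reasons a task entry looks suspicious (empty list means nothing flagged)."""
    reasons = []
    name = job["job"].rsplit("\\", 1)[-1]
    stem = re.sub(r"\.job$", "", name, flags=re.IGNORECASE)
    if RANDOM_NAME.match(stem):
        reasons.append("job name is a bare hex string")
    if job["target"] and PROFILE_DIRS.search(job["target"]):
        reasons.append("target runs from a user profile or temp directory")
    return reasons


def scan(log_text):
    """Return [(job_path, [reasons])] for the tasks that trip at least one heuristic."""
    findings = []
    for job in parse_jobs(log_text):
        reasons = assess(job)
        if reasons:
            findings.append((job["job"], reasons))
    return findings


if __name__ == "__main__":
    for job_path, reasons in scan(SAMPLE_LOG):
        print(job_path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a full ComboFix log by reading the file into `scan()`; only the "Scheduled Tasks" lines match the regexes, so the rest of the log is ignored. A hit is a lead, not a verdict: a task with a bare hex name but a target in Program Files deserves a look at the target's signature before anything is deleted.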
Lyonnais92 (security contributor), 20 Dec 2007 at 13:07
Hello

Restart the computer.

Download this (by Moe):

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double-click Lopxpsetup.exe to start the installation.
At the menu, choose option 1.
Wait until you are asked to press a key, then press one!
A report will then be created; copy and paste it in full on the forum.

Post a new HijackThis log as well.

No problems with CID ads?