SEPTICEMIE dans mon PC !!

Loup blanc · le 10 septembre 2008

Bonsoir Dranoel,

Télécharge Gmer sur ton bureau
Ouvre le poste de travail, puis ta partition C: et crée un nouveau dossier nommé «Gmer» (clic droit dans un espace vide, puis «Nouveau», «Dossier»)
Retourne sur ton bureau et fait un clic droit sur le fichier téléchargé puis choisis «Extraire tout»
Sélectionne le dossier que tu viens de créer comme destination,
Fait ensuite un double clic sur le ficher Gmer.exe (dans le nouveau dossier),
Dans l'onglet «Rootkit/Malware» de Gmer, coche uniquement les cases "Services" et "Files" puis clique sur le bouton «Scan»
A la fin de celui-ci, clique sur le bouton «Copie»
Colle enfin le résultat dans ton prochain message,

dranoel · le 11 septembre 2008

Bonjour Loup blanc,

voilà le rapport Gmer, ça ne va pas etre très agréable à lire....

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-09-11 10:53:49

Windows 5.1.2600 Service Pack 2

---- Services - GMER 1.0.14 ----

Service .NET CLR Data

Service .NET CLR Networking

Service .NETFramework

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\System32\DRIVERS\ACPI.sys (Pilote ACPI pour NT/Microsoft Corporation) [bOOT] ACPI

Service (Pilote de contrôleur intégré ACPI/Microsoft Corporation) [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [sYSTEM] AFD

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) [MANUAL] ALCXSENS

Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter

Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG

Service [DISABLED] AliIde

Service C:\WINDOWS\System32\DRIVERS\amdk7.sys (Pilote de périphérique processeur/Microsoft Corporation) [sYSTEM] AmdK7

Service [DISABLED] amsint

Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirScheduler

Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService

Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt

Service C:\WINDOWS\System32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service ASP.NET

Service ASP.NET_1.1.4322

Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (aspnet_state.exe/Microsoft Corporation) [MANUAL] aspnet_state

Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac

Service C:\WINDOWS\System32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [bOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (Pilote de miniport ATI RAGE 128/ATI Technologies Inc.) [MANUAL] ati2mtag

Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv

Service C:\WINDOWS\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub

Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [sYSTEM] avgio

Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [MANUAL] avgntflt

Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [sYSTEM] avipbb

Service BattC

Service (BEEP Driver/Microsoft Corporation) [sYSTEM] Beep

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS

Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser

Service C:\WINDOWS\system32\drivers\btaudio.sys (Bluetooth Audio Device/Broadcom Corporation) [MANUAL] btaudio

Service C:\WINDOWS\system32\DRIVERS\btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation) [MANUAL] BTDriver

Service C:\WINDOWS\system32\DRIVERS\BthEnum.sys (Bluetooth Bus Extender/Microsoft Corporation) [MANUAL] BthEnum

Service C:\WINDOWS\system32\DRIVERS\bthpan.sys (Bluetooth Personal Area Networking/Microsoft Corporation) [MANUAL] BthPan

Service C:\WINDOWS\System32\Drivers\BTHport.sys (Pilote de bus Bluetooth/Microsoft Corporation) [MANUAL] BTHPORT

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] BthServ

Service C:\WINDOWS\System32\Drivers\BTHUSB.sys (Bluetooth Miniport Driver/Microsoft Corporation) [MANUAL] BTHUSB

Service C:\WINDOWS\system32\drivers\btkrnl.sys (Bluetooth Protocol Driver for Windows 2000/Broadcom Corporation) [bOOT] BTKRNL

Service C:\WINDOWS\system32\drivers\btserial.sys (Bluetooth Serial Driver for Windows 2000/Broadcom Corporation) [AUTO] BTSERIAL

Service C:\WINDOWS\system32\drivers\btslbcsp.sys (Bluetooth Serial Driver for Windows 2000/Broadcom Corporation) [AUTO] BTSLBCSP

Service C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe (Bluetooth Support Server/Broadcom Corporation) [AUTO] btwdins

Service C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Bluetooth LAN Access Server Driver/Broadcom Corporation) [MANUAL] BTWDNDIS

Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation) [MANUAL] BTWUSB

Service C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Universal Serial Bus Camera Driver/Logitech Inc.) [MANUAL] CamDrL

Service C:\DOCUME~1\LEO\LOCALS~1\Temp\catchme.sys [MANUAL] catchme

Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k

Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE

Service [DISABLED] cd20xrnt

Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [sYSTEM] Cdaudio

Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs

Service C:\WINDOWS\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [sYSTEM] Cdrom

Service [sYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc

Service Class

Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv

Service [DISABLED] CmdIde

Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp

Service C:\WINDOWS\System32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [bOOT] Disk

Service C:\WINDOWS\System32\dmadmin.exe (Processus du service Gestionnaire de disque logique/Microsoft Corp., Veritas Software) [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys (Pilote de démarrage du gestionnaire de disque NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys (Pilote E/S du Gestionnaire de disques NT/Microsoft Corp., Veritas Software) [bOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [bOOT] dmload

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc

Service C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) [AUTO] Eventlog

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem

Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility

Service (Floppy Disk Controller Driver/Microsoft Corporation) [sYSTEM] Fdc

Service (Pilote de cryptographie FIPS/Microsoft Corporation) [sYSTEM] Fips

Service (Floppy Driver/Microsoft Corporation) [sYSTEM] Flpydisk

Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [bOOT] FltMgr

Service (File System Recognizer Driver/Microsoft Corporation) [sYSTEM] Fs_Rec

Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys (Pilote de disque à FT/Microsoft Corporation) [bOOT] Ftdisk

Service C:\WINDOWS\System32\DRIVERS\gameenum.sys (Game Port Enumerator/Microsoft Corporation) [MANUAL] gameenum

Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM

Service C:\Program [MANUAL] getPlus® Helper

Service C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER) [MANUAL] gmer

Service D:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI

Service C:\WINDOWS\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] HidServ

Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb

Service [DISABLED] hpn

Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter

Service [sYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys (Pilote de port i8042/Microsoft Corporation) [sYSTEM] i8042prt

Service C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT

Service C:\WINDOWS\System32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [sYSTEM] Imapi

Service C:\WINDOWS\System32\imapi.exe (API Image Mastering/Microsoft Corporation) [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service [DISABLED] IntelIde

Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] ip6fw

Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver

Service C:\WINDOWS\System32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp

Service C:\WINDOWS\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat

Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service

Service C:\WINDOWS\System32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [sYSTEM] IPSec

Service C:\WINDOWS\system32\DRIVERS\ircomm2k.sys (Virtual Infrared COM Port, Device Driver/Jan Kiszka) [MANUAL] IrCOMM2k

Service C:\WINDOWS\system32\ircomm2k.exe (Virtual Infrared COM Port, Service Program/Jan Kiszka) [AUTO] IrCOMM2kSvc

Service C:\WINDOWS\system32\DRIVERS\irda.sys (IRDA Protocol Driver/Microsoft Corporation) [AUTO] irda

Service C:\WINDOWS\System32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Irmon

Service ISAPISearch

Service C:\WINDOWS\System32\DRIVERS\isapnp.sys (Pilote de bus PNP ISA/Microsoft Corporation) [bOOT] isapnp

Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys (Pilote de la classe Clavier/Microsoft Corporation) [sYSTEM] Kbdclass

Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys (Pilote de filtre souris HID/Microsoft Corporation) [sYSTEM] kbdhid

Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer

Service (Kernel Security Support Provider Interface/Microsoft Corporation) [bOOT] KSecDD

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation

Service [sYSTEM] lbrtfdc

Service ldap

Service LicenseService

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts

Service C:\WINDOWS\system32\drivers\lvgaec.sys [MANUAL] lvgaec

Service C:\WINDOWS\system32\drivers\lvsmflt.sys [MANUAL] lvsmflt

Service C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe [AUTO] LVSrvLauncher

Service C:\WINDOWS\system32\drivers\lvusbsta.sys (USB Statistic Driver/Logitech Inc.) [MANUAL] LVUSBSta

Service C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) [AUTO] MDC8021X

Service C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger

Service (Frame buffer simulator/Microsoft Corporation) [sYSTEM] mnmdd

Service C:\WINDOWS\System32\mnmsrvc.exe (Partage de Bureau à distance NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc

Service (Pilote de périphérique modem/Microsoft Corporation) [MANUAL] Modem

Service C:\WINDOWS\System32\DRIVERS\mouclass.sys (Pilote de la classe Souris/Microsoft Corporation) [sYSTEM] Mouclass

Service C:\WINDOWS\System32\DRIVERS\mouhid.sys (Pilote de filtre souris HID/Microsoft Corporation) [MANUAL] mouhid

Service (Mount Manager/Microsoft Corporation) [bOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV

Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [sYSTEM] MRxSmb

Service C:\WINDOWS\System32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC

Service (Mailslot driver/Microsoft Corporation) [sYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM

Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios

Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE

Service (Multiple UNC Provider driver/Microsoft Corporation) [bOOT] Mup

Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC

Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [bOOT] NDIS

Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP

Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi

Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio

Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan

Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy

Service C:\WINDOWS\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [sYSTEM] NetBIOS

Service C:\WINDOWS\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [sYSTEM] NetBT

Service C:\WINDOWS\system32\netdde.exe (DDE Réseau - Communication DDE/Microsoft Corporation) [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe (DDE Réseau - Communication DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm

Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman

Service C:\WINDOWS\System32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla

Service (NPFS Driver/Microsoft Corporation) [sYSTEM] Npfs

Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs

Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc

Service (NULL Driver/Microsoft Corporation) [sYSTEM] Null

Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 66.81 /NVIDIA Corporation) [MANUAL] nv

Service nv4

Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 66.81/NVIDIA Corporation) [AUTO] NVSvc

Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt

Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd

Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [bOOT] ohci1394

Service C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose

Service Outlook

Service C:\WINDOWS\System32\DRIVERS\parport.sys (Pilote de port parallèle/Microsoft Corporation) [MANUAL] Parport

Service (Partition Manager/Microsoft Corporation) [bOOT] PartMgr

Service (Pilote parallèle VDM/Microsoft Corporation) [AUTO] ParVdm

Service C:\WINDOWS\System32\DRIVERS\pci.sys (Énumérateur Plug-and-Play PCI pour NT/Microsoft Corporation) [bOOT] PCI

Service [sYSTEM] PCIDump

Service [DISABLED] PCIIde

Service (Pilote de bus PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) [AUTO] PlugPlay

Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent

Service poof

Service C:\WINDOWS\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport

Service C:\WINDOWS\system32\DRIVERS\PRISMA02.sys (PRISM Wireless NDIS 5.1 Driver/Conexant Systems, Inc.) [MANUAL] PRISM_A02

Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage

Service C:\WINDOWS\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched

Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink

Service C:\WINDOWS\system32\DRIVERS\OVCD.sys (Video Minidriver/Microsoft Corporation) [MANUAL] QCDonner

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [sYSTEM] RasAcd

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto

Service C:\WINDOWS\System32\DRIVERS\rasirda.sys (IrDA WAN Miniport Driver/Microsoft Corporation) [MANUAL] Rasirda

Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan

Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe

Service C:\WINDOWS\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti

Service C:\WINDOWS\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [sYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [sYSTEM] RDPCDD

Service RDPDD

Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr

Service RDPNP

Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe (Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr

Service C:\WINDOWS\System32\DRIVERS\redbook.sys (Pilote de filtre audio Livre rouge/Microsoft Corporation) [sYSTEM] redbook

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry

Service C:\WINDOWS\system32\DRIVERS\rfcomm.sys (Bluetooth RFCOMM Driver/Microsoft Corporation) [MANUAL] RFCOMM

Service C:\WINDOWS\System32\Drivers\RootMdm.sys (Legacy Non-Pnp Modem Device Driver/Microsoft Corporation) [MANUAL] ROOTMODEM

Service C:\WINDOWS\System32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs

Service C:\WINDOWS\System32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP

Service C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023

Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139

Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs

Service C:\WINDOWS\system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [bOOT] sbp2port

Service C:\WINDOWS\System32\SCardSvr.exe (Serveur de gestion de ressources des cartes à puce/Microsoft Corporation) [MANUAL] SCardSvr

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule

Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort

Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS

Service C:\WINDOWS\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum

Service C:\WINDOWS\System32\DRIVERS\serial.sys (Pilote de périphérique série/Microsoft Corporation) [sYSTEM] Serial

Service (SCSI Floppy Driver/Microsoft Corporation) [sYSTEM] Sfloppy

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler

Service C:\WINDOWS\System32\DRIVERS\sr.sys (Pilote de filtre de système de fichiers pour la restauration du système/Microsoft Corporation) [bOOT] sr

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice

Service C:\WINDOWS\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV

Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [sYSTEM] ssmdrv

Service C:\WINDOWS\system32\DRIVERS\st3wolf.sys (SCSI miniport/ ) [MANUAL] st3wolf

Service C:\WINDOWS\system32\DRIVERS\irstusb.sys (NDIS 5.0 USB Infra-Red Driver/SigmaTel, Inc.) [MANUAL] STIrUsb

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip

Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys (PnP BIOS Extension/ ) [bOOT] stwlfbus

Service C:\WINDOWS\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi

Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv

Service swwd

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe (Service des alertes et des journaux de performance/Microsoft Corporation) [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv

Service C:\WINDOWS\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [sYSTEM] Tcpip

Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE

Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP

Service C:\WINDOWS\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [sYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes

Service C:\WINDOWS\System32\tlntsvr.exe (Telnet/Microsoft Corporation) [DISABLED] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks

Service TSDDD

Service C:\WINDOWS\System32\DRIVERS\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [bOOT] uagp35

Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost

Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS

Service usb

Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL

Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio

Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp

Service C:\WINDOWS\System32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci

Service C:\WINDOWS\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan

Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR

Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci

Service C:\Program Files\MSN Messenger\usnsvc.exe (Messenger Sharing USN Journal Reader Service/Microsoft Corporation) [MANUAL] usnjsvc

Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [sYSTEM] VgaSave

Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.) [bOOT] viaagp1

Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [bOOT] ViaIde

Service C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Serial ATA RAID MINIPORT DRIVER FOR WINXP/VIA Technologies inc,.ltd) [bOOT] viasraid

Service (Pilote de cliché instantané du volume/Microsoft Corporation) [bOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe (Service de cliché instantané de volumes Microsoft®/Microsoft Corporation) [MANUAL] VSS

Service VXD

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time

Service W3SVC

Service C:\WINDOWS\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt

Service [MANUAL] Winsock

Service WinSock2

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi

Service WmiApRpl

Service C:\WINDOWS\System32\wbem\wmiapsrv.exe (Service de la carte de performance WMI/Microsoft Corporation) [MANUAL] WmiApSrv

Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Service Partage réseau du Lecteur Windows Media/Microsoft Corporation) [MANUAL] WMPNetworkSvc

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc

Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv

Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf

Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC

Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov

Service {0C98830E-B02B-4E76-B177-0A94F6F2AB0B}

Service {0F715617-850B-422A-9EBE-8230D844B92A}

Service {2BF3C16B-F457-4703-9543-A986689087C4}

Service {39047361-B3CF-4DF3-A601-461379DC6C34}

Service {40587933-C501-4687-BC54-F760D801A400}

Service {4E3BABC9-DF50-4C43-ADCC-8E6A06276E99}

Service {78D6F1C4-9BDA-4B74-BBD8-3E41D8045FAE}

Service {CA3CAE0B-C9F4-4F91-AB97-D830019C300A}

---- EOF - GMER 1.0.14 ----

Loup blanc · le 11 septembre 2008

Bonsoir,

On va passer à un outils plus puissant.

Attention : Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'utilisation de cet outil.

Mal utilisé il peut endommager votre système

Télécharge Combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

Assure toi que tous les programmes sont fermés avant de commencer.
Désactive le résident de ton antivirus le temps de l'utilisation de Combofix (n'oublie pas de le réactiver ensuite)
Double-clique combofix.exe afin de l'exécuter.
Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
S'il te demande l'autorisation de redémarrer la machine, dis lui oui.
Il est possible que ton pare-feu (firewall) te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
Lorsque l'analyse sera terminée, un rapport apparaîtra.
Copie-colle ce rapport dans ta prochaine réponse.
Le rapport se trouve dans : C:\Combofix.txt.

Modifié le 11 septembre 2008 par Loup blanc

dranoel · le 13 septembre 2008

Bonjour Loup blanc,

voici le rapport ComboFix,

on va y arriver....

ComboFix 08-09-12.07 - LEO 2008-09-13 13:49:41.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.290 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

ADS - svchost.exe: deleted 68 bytes in 1 streams.

ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams.

ADS - explorer.exe: deleted 132 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\LEO\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\LEO\Application Data\rhce7kj0e3ea

----- BITS: Il y a peut-ˆtre des sites infect‚s -----

http://pornotube8.net

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_poof

((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-13 au 2008-09-13 ))))))))))))))))))))))))))))))))))))

.

2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer

2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini

2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS

2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS

2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz

2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt

2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT

2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix

2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira

2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix

2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe

2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-08-25 18:02 . 2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-13 11:47 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus

2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus

2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer

2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update

2008-08-07 19:28 --------- d-----w C:\Program Files\iTunes

2008-08-07 19:28 --------- d-----w C:\Program Files\iPod

2008-08-07 19:26 --------- d-----w C:\Program Files\Bonjour

2008-08-07 19:25 --------- d-----w C:\Program Files\QuickTime

2008-08-07 19:12 --------- d-----w C:\Program Files\Safari

2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

.

------- Sigcheck -------

2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied

2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe

md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088]

"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"oBtfVkS"= {D4E16665-7E4B-CCCF-2FE0-C8DAB406B604} - C:\WINDOWS\system32\vg.dll [2004-08-19 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= C:\WINDOWS\system32\i263_32.drv

"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\mobile PhoneTools\\MMCenter.exe"=

"C:\\Program Files\\ABC\\abc.exe"=

"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13894:TCP"= 13894:TCP:BitComet 13894 TCP

"13894:UDP"= 13894:UDP:BitComet 13894 UDP

"52333:UDP"= 52333:UDP:azureus2

"52333:TCP"= 52333:TCP:azureus3

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904]

R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248]

R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026]

R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]

S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864]

S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

.

Contenu du dossier 'Tƒches planifi‚es'

.

------- Examen suppl‚mentaire -------

.

FireFox -: Profile - C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\ji8hdqc1.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atptennis.com/

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-13 13:55:01

Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cach‚s ...

Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

Recherche de fichiers cach‚s ...

Scan termin‚ avec succŠs

Fichiers cach‚s: 0

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\WiFiCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2008-09-13 13:58:53 - La machine a red‚marr‚

ComboFix-quarantined-files.txt 2008-09-13 11:58:38

Avant-CF: 5,820,129,280 octets libres

Après-CF: 5,808,771,072 octets libres

214

Loup blanc · le 13 septembre 2008

Ce qui suit n'est que pour ta machine, et ta machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

Désactive le résident de ton antivirus le temps de l'utilisation de Combofix
Ouvre le bloc notes. Vérifie que dans le menu format, le retour automatique à la ligne est désactivé. puis Copie/colle ceci dedans :

Killall::

Collect::

C:\WINDOWS\system32\vg.dll

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"oBtfVkS"=-

Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur la capture

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
Un fichier ZIP sera créé sur ton bureau, et Combofix te demandera de l'envoyer au développeur.
Ne l'envoie pas directement, je vais te transmettre une procédure par MP pour me le faire passer, je le ferais suivre.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Modifié le 13 septembre 2008 par Loup blanc

dranoel · le 14 septembre 2008

Bonsoir Loup blanc,

alors voila le rapport combofix,

par contre aucun fichier zip n'a été crée...j'ai bien suivi la procédure

j'ai désactivé Antivir mais au redemarrage il s'est réactivé tout seul mais a chaque alerte j'ai cliqué ignorer.

Alors peut-etre que ça a fait rater la procédure je ne sais pas.

En tous cas j'ai cherché un peu partout le fichier zip mais sans résultat...

ComboFix 08-09-12.07 - LEO 2008-09-14 20:23:11.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\LEO\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\vg.dll

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))