Votre question

a l aide virtumonde m attaque

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
1 Septembre 2008 18:06:07

je sais que plusieurs post sont déja sur le forum j ai essayé de m en inspirer mais rien n yfait toujours ce foutu virus (virtumonde remover.m64)
quelqu un peut il m aider

Autres pages sur : aide virtumonde attaque

1 Septembre 2008 18:38:05

voila ce que j ai trouvé et merci pour l aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:57, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vVX3000.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\lphc7nbj0evbc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\thierry\Bureau\undll\UNDLL.EXE
C:\Documents and Settings\thierry\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lphc7nbj0evbc] C:\WINDOWS\system32\lphc7nbj0evbc.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://J:\components\hidinputmonitorx.ocx
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_a...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.00...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://J:\components\A9.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://J:\components\wmvhdrating.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O21 - SSODL: gbiwWZm - {18BFD763-B215-7DC9-3C0F-753655F5EE83} - C:\WINDOWS\system32\gxsed.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8413 bytes
Contenus similaires
a b 8 Sécurité
1 Septembre 2008 18:38:24

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    1 Septembre 2008 19:03:10

    j ai deja plus le message d alete sur la page d accueil, mais voici le rapport de combofix

    ComboFix 08-08-31.01 - thierry 2008-09-01 18:46:22.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.207 [GMT 2:00]
    Endroit: C:\Documents and Settings\thierry\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\Documents and Settings\thierry\Application Data\macromedia\Flash Player\#SharedObjects\M5GCUUQA\bin.clearspring.com
    C:\Documents and Settings\thierry\Application Data\macromedia\Flash Player\#SharedObjects\M5GCUUQA\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\thierry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\thierry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Documents and Settings\thierry\Cookies\thierry@ad.yieldmanager[2].txt
    C:\Program Files\Windows AdStatus
    C:\WINDOWS\system32\amvo.exe
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\blphc7nbj0evbc.scr
    C:\WINDOWS\system32\ffcbbbabeb_g.dll
    C:\WINDOWS\system32\lphc7nbj0evbc.exe
    C:\WINDOWS\system32\phc7nbj0evbc.bmp
    C:\WINDOWS\system32\tdssadw.dll
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssl.dll
    C:\WINDOWS\system32\tdsslog.dll
    C:\WINDOWS\system32\tdssmain.dll
    C:\WINDOWS\system32\tdssservers.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Legacy_SYSREST.SYS
    -------\Legacy_TDSSSERV
    -------\Service_6to4
    -------\Service_sysrest.sys
    -------\Service_tdssserv


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-01 to 2008-09-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-30 17:37 . 2008-08-30 17:37 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-08-30 17:28 . 2008-08-30 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\G DATA
    2008-08-27 16:46 . 2008-09-01 18:53 86,804 --a------ C:\WINDOWS\system32\drivers\f0dd5c77.sys
    2008-08-26 20:10 . 2008-08-26 20:10 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-08-26 17:55 . 2008-08-26 18:42 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-08-26 17:22 . 2008-08-26 17:42 1,738 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-26 17:21 . 2008-08-26 17:45 <REP> d-------- C:\SmitfraudFix
    2008-08-26 17:20 . 2008-08-26 17:20 1,574,524 --a------ C:\SmitfraudFix.exe
    2008-08-26 16:37 . 2008-08-26 16:31 23,552 --a------ C:\WINDOWS\system32\sysrest32.exe
    2008-08-26 16:37 . 2008-09-01 17:30 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
    2008-08-25 20:04 . 2008-08-25 20:04 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
    2008-08-25 18:40 . 2008-08-25 18:45 <REP> d-------- C:\Program Files\Unlocker
    2008-08-25 18:32 . 2008-08-26 16:50 <REP> d-------- C:\VundoFix Backups
    2008-08-25 17:09 . 2008-08-25 17:23 <REP> d-------- C:\Program Files\Trojan Remover
    2008-08-24 18:30 . 2008-08-24 19:24 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
    2008-08-24 18:29 . 2008-08-24 19:23 35,328 --a------ C:\WINDOWS\system32\drivers\tdssserv.sys.vir
    2008-08-09 15:38 . 2008-08-09 15:38 57,624 --a------ C:\img2-003.raw
    2008-08-08 18:10 . 2008-08-08 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microgaming
    2008-08-08 18:10 . 2008-08-08 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MGS
    2008-08-08 18:09 . 2008-08-08 18:09 <REP> d-------- C:\MicroGaming
    2008-08-04 18:31 . 2008-08-04 18:31 <REP> d-------- C:\Program Files\CFWebAdvancedU
    2008-08-04 18:31 . 2008-08-04 18:31 <REP> d-------- C:\Documents and Settings\thierry\Application Data\CamfrogWEB

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-01 15:45 --------- d-----w C:\Documents and Settings\thierry\Application Data\utorrent
    2008-08-26 18:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-26 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-08-26 16:43 --------- d-----w C:\Program Files\Ant Movie Catalog
    2008-08-25 18:27 479,776 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-08-25 18:27 46,004 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-08-25 18:27 4,073,780 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-08-25 18:27 304,114,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-08-25 18:07 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-08-25 16:47 --------- d-----w C:\Program Files\Error Repair Professional
    2008-08-25 15:37 103,966 --sh--r C:\t.com
    2008-08-25 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-08-25 15:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-18 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-09 09:07 --------- d-----w C:\Program Files\utorrent
    2008-08-07 15:22 --------- d-----w C:\Program Files\Java
    2008-07-24 16:58 --------- d-----w C:\Documents and Settings\thierry\Application Data\Vso
    2008-07-21 16:33 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-21 16:33 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-07-14 17:46 --------- d-----w C:\Documents and Settings\thierry\Application Data\Media Player Classic
    2006-12-26 21:00 87,608 -c--a-w C:\Documents and Settings\thierry\Application Data\ezpinst.exe
    2006-12-26 21:00 47,360 -c--a-w C:\Documents and Settings\thierry\Application Data\pcouffin.sys
    2006-10-21 13:04 54 -c--a-w C:\Program Files\delir.gio
    2006-10-11 11:03 459,432 -c--a-w C:\Documents and Settings\thierry\data.bin
    2006-07-14 17:19 52,288 -c--a-w C:\Documents and Settings\thierry\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-26 13:09 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-06-07 23:12 6,722,094 -c--a-w C:\Program Files\Ad Adware SE Professional.exe
    2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
    2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
    2002-08-30 11:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
    2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
    2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
    2002-08-30 11:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
    2004-08-19 23:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
    2000-02-24 15:07 368,912 --sha-w C:\WINDOWS\system32\vbar332.dll
    .

    ------- Sigcheck -------

    2002-08-30 13:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
    2006-05-14 12:54 2023424 ee3a1f8f7c3e52f8d84686577c4f4436 C:\WINDOWS\system32\include\svchost.exe

    2004-06-17 02:08 487424 f5d97f77ac97b244ff33280154186065 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

    md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2003-08-22 13:25 1009152 302cc24f3508ad795ba44649216f2a47 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2002-08-30 13:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
    md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

    2002-08-30 13:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied

    2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2002-08-30 13:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2004-08-20 01:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-08-12 11:06 81920]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01 277296]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 18:04 707376]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-11 15:42 98304]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-08-12 20:49 77824 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "gbiwWZm"= {18BFD763-B215-7DC9-3C0F-753655F5EE83} - C:\WINDOWS\system32\gxsed.dll [2007-04-16 17:53 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i263"= C:\WINDOWS\system32\i263_32.drv
    "MSACM.MI-SC4"= MI-SC4.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\WINDOWS\\system32\\sysrest32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Groupement homologue Windows
    "3540:UDP"= 3540:UDP:p rotocole PNRP (Peer Name Resolution Protocol)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 15:48]
    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 18:01]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-08-12 10:53]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - C:\t.com
    \Shell\explore\Command - C:\t.com
    \Shell\open\Command - C:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04063ac2-74c8-11dd-8903-00184dbdf607}]
    \shell\autorun\command - J:\t.com
    \shell\explore\command - J:\t.com
    \shell\open\command - J:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be5883f7-1fb9-11da-8ba6-4d6564696130}]
    \Shell\AutoRun\command - J:\t.com
    \Shell\explore\Command - J:\t.com
    \Shell\open\Command - J:\t.com

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-lphc7nbj0evbc - C:\WINDOWS\system32\lphc7nbj0evbc.exe
    HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.free.fr/
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab
    C:\WINDOWS\Downloaded Program Files\npwwg.inf

    O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    C:\WINDOWS\Downloaded Program Files\MDM.inf

    O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe

    O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
    C:\WINDOWS\system32\msvcp60.dll
    C:\WINDOWS\system32\atl.dll
    C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
    C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll

    O16 -: {FD40EC41-D860-4579-8BA4-52671A45C71C} - hxxp://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
    C:\WINDOWS\Downloaded Program Files\default.inf
    C:\WINDOWS\Downloaded Program Files\npchatg.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-01 18:53:08
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f0dd5c77]
    "ImagePath"="\SystemRoot\System32\drivers\f0dd5c77.sys"
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\RtlGina2.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\APPS\ABOARD\AOSD.EXE
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-01 18:57:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-01 16:57:19

    Pre-Run: 85,743,902,720 octets libres
    Post-Run: 85,759,123,456 octets libres

    264 --- E O F --- 2008-08-30 15:38:02
    1 Septembre 2008 19:06:48

    et désolé c est vrai que j ai été malpolis je n'ai pas dit bonjour mais je suis tellement pris par ce virus depuis quelques jours que j en oubli les bonnes manières
    1 Septembre 2008 19:13:22

    et voici dernier rapport de hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:11:12, on 01/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\thierry\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: desktop(2).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://J:\components\hidinputmonitorx.ocx
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_a...
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.00...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://J:\components\A9.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://J:\components\wmvhdrating.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
    O21 - SSODL: gbiwWZm - {18BFD763-B215-7DC9-3C0F-753655F5EE83} - C:\WINDOWS\system32\gxsed.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8008 bytes
    a b 8 Sécurité
    1 Septembre 2008 19:18:13

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    1 Septembre 2008 21:50:34

    enfin terminé voici le rapport

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1103
    Windows 5.1.2600 Service Pack 2

    21:43:41 01/09/2008
    mbam-log-09-01-2008 (21-43-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 124929
    Temps écoulé: 2 hour(s), 15 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f0dd5c77 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\f0dd5c77 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\f0dd5c77 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Windows AdStatus (Adware.AdStatus) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\blphc7nbj0evbc.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdsslog.dll.vir (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP39\A0010732.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP39\A0010735.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP39\A0010736.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP39\A0010737.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\f0dd5c77.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    2 Septembre 2008 17:42:25

    Reposte un rapport Hijackthis.
    2 Septembre 2008 20:13:27

    et voila le rapport encore merci ca a l air de bien tourner

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:12:38, on 02/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\utorrent\uTorrent.exe
    C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\thierry\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: desktop(2).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://J:\components\hidinputmonitorx.ocx
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_a...
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.00...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://J:\components\A9.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://J:\components\wmvhdrating.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
    O21 - SSODL: gbiwWZm - {18BFD763-B215-7DC9-3C0F-753655F5EE83} - C:\WINDOWS\system32\gxsed.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8321 bytes
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS