jul5578

Members
  • Content count: 1
  • Languages: French
  • Rank: Junior Member (3/12)
  • Community reputation: 0

  1. Hello everyone, and thank you in advance for your help. I think I am infected by a trojan that Avira detects under the name TR/Drop.Basine.C and that Norton (the latter living on borrowed time on my computer) detects under the name Hacktool.Rootkit. I used Malwarebytes, which cleaned one threat but did not eradicate the virus. I also used Spybot (TeaTimer option disabled) as well as CCleaner, and disabled System Restore, but without success... no way to get rid of this nasty beast!!! Thank you for your expert eye and your support. I am sending you the HijackThis report as well as the Malwarebytes and ComboFix ones, in chronological order: Malwarebytes report, HijackThis report, ComboFix report.