
Trojan problem: TR/Drop.Basine.C



Hello everyone,

and thanks in advance for your help:

So, I think I am infected by a trojan that Avira detects under the name TR/Drop.Basine.C and that Norton (the latter being on its way out

on my computer) detects under the name Hacktool.Rootkit.

I used Malwarebytes, which cleaned one threat but did not eradicate the virus.

I also used Spybot (TeaTimer option disabled), as well as CCleaner, and disabled System Restore,

but without success... no way to get rid of this nasty beast!!!

Thanks for your expert eye and your support; I am sending you the HijackThis report as well as the Malwarebytes and ComboFix ones:

in chronological order:

 

***Malwarebytes report***

 

Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1817

Windows 5.1.2600 Service Pack 3

 

04/03/2009 19:35:25

mbam-log-2009-03-04 (19-35-25).txt

 

Type de recherche: Examen rapide

Eléments examinés: 76471

Temps écoulé: 6 minute(s), 42 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

 

 

***HijackThis report***

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:21:46, on 04/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\dllhost.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\apps\ABoard\ABoard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\apps\ABoard\AOSD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

D:\Documents and Settings\Bibou\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

D:\Documents and Settings\Bibou\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\Bibou\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232793012625

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: ANHEWAITBY - Unknown owner - D:\DOCUME~1\Bibou\LOCALS~1\Temp\ANHEWAITBY.exe (file missing)

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 12443 bytes

 

 

 

***ComboFix report***

 

ComboFix 09-03-03.01 - Bibou 2009-03-04 22:00:34.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2622 [GMT 1:00]

Lancé depuis: d:\documents and settings\Bibou\Mes documents\Utilitaires\ComboFix.exe

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)

AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated)

FW: Norton Internet Security 2006 *disabled*

FW: Norton Internet Worm Protection *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\_000006_.tmp.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-04 au 2009-03-04 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-04 19:16 . 2009-03-04 19:16 <REP> d-------- c:\program files\Trend Micro

2009-03-04 19:14 . 2009-03-04 19:14 <REP> d-------- d:\documents and settings\Bibou\Application Data\Malwarebytes

2009-03-04 19:14 . 2009-03-04 19:14 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-04 19:14 . 2009-03-04 19:14 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-04 19:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-04 19:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-03 20:09 . 2009-03-03 20:09 0 --a------ c:\windows\msicpl.ini

2009-03-03 19:49 . 2009-03-03 19:49 <REP> d-------- c:\windows\system32\AGEIA

2009-03-03 19:49 . 2009-03-03 19:49 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

2009-03-03 19:49 . 2009-03-03 19:49 <REP> d-------- c:\program files\AGEIA Technologies

2009-03-03 19:48 . 2008-12-26 00:08 206,755 --a------ c:\windows\system32\nvapps.nvb

2009-03-03 19:35 . 2009-03-03 19:35 <REP> d-------- c:\program files\Setup Files

2009-03-03 19:30 . 2009-03-03 19:30 <REP> d-------- c:\program files\MSI

2009-02-25 22:19 . 2009-02-25 22:19 <REP> d-------- c:\program files\Lavalys

2009-02-24 19:26 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\dllcache\ntprint.cat

2009-02-22 15:38 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys

2009-02-18 19:19 . 2009-02-18 19:19 <REP> d-------- d:\documents and settings\All Users\Application Data\Soulseek

2009-02-17 23:04 . 2009-02-17 23:04 <REP> d-------- d:\documents and settings\Bibou\Application Data\ESTsoft

2009-02-17 23:04 . 2009-02-17 23:04 <REP> d-------- c:\program files\ESTsoft

2009-02-12 08:34 . 2009-03-01 18:02 54,156 --ah----- c:\windows\QTFont.qfn

2009-02-12 08:34 . 2009-02-12 08:34 1,409 --a------ c:\windows\QTFont.for

2009-02-10 16:59 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll

2009-02-10 16:59 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys

2009-02-10 16:59 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys

2009-02-08 19:33 . 2009-02-08 19:33 <REP> d-------- d:\documents and settings\Bibou\Application Data\Atari

2009-02-08 19:32 . 2009-03-03 20:15 43,520 --a------ c:\windows\system32\CmdLineExt03.dll

2009-02-08 17:53 . 2009-02-08 17:53 <REP> d-------- c:\program files\Fichiers communs\PocketSoft

2009-02-08 17:53 . 2002-02-27 17:50 197,120 --a------ c:\windows\patchw32.dll

2009-02-08 17:47 . 2009-02-08 17:47 <REP> d-------- c:\program files\Atari

2009-02-08 16:46 . 2009-02-08 16:46 <REP> d-------- d:\documents and settings\Bibou\Application Data\AdobeUM

2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-04 20:58 --------- d-----w c:\program files\Fichiers communs\Symantec Shared

2009-03-04 20:39 --------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-27 06:32 --------- d-----w c:\program files\Norton Internet Security

2009-02-26 19:16 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-26 17:17 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-22 14:38 --------- d-----w c:\program files\Windows Live

2009-02-10 16:00 --------- d-----w c:\program files\Winamp

2009-02-10 15:59 --------- d-----w d:\documents and settings\Bibou\Application Data\Winamp

2009-02-08 17:02 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-03 18:52 --------- d-----w d:\documents and settings\All Users\Application Data\WinZip

2009-02-03 06:51 856,064 ----a-w c:\windows\RUN327.DLL

2009-02-03 06:51 675,840 ----a-w c:\windows\RUN326.DLL

2009-02-03 06:51 496,640 ----a-w c:\windows\RUN324.DLL

2009-02-03 06:51 397,312 ----a-w c:\windows\RUN325.DLL

2009-02-03 06:51 2,511,872 ----a-w c:\windows\RUN323.DLL

2009-02-03 06:51 116,224 ----a-w c:\windows\RUN32TEST.DLL

2009-02-03 06:50 901,120 ----a-w c:\windows\RUN322.DLL

2009-02-03 06:50 1,745,408 ----a-w c:\windows\RUN321.DLL

2009-02-02 21:19 --------- d-----w c:\program files\Reference Assemblies

2009-02-02 21:19 --------- d-----w c:\program files\MSBuild

2009-02-02 20:53 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment

2009-02-02 20:16 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-02-02 20:16 --------- d--h--r d:\documents and settings\Bibou\Application Data\SecuROM

2009-02-02 20:09 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys

2009-02-02 20:09 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys

2009-02-01 10:15 413,696 ----a-w c:\windows\system32\wrap_oal.dll

2009-02-01 10:15 110,592 ----a-w c:\windows\system32\OpenAL32.dll

2009-02-01 09:13 --------- d-----w c:\program files\D-Tools

2009-01-31 19:15 --------- d-----w d:\documents and settings\Bibou\Application Data\VadeRetro

2009-01-29 19:11 --------- d-----w c:\program files\Microsoft Sync Framework

2009-01-29 19:10 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2009-01-29 19:09 --------- d-----w c:\program files\Windows Live SkyDrive

2009-01-29 19:09 --------- d-----w c:\program files\Microsoft

2009-01-29 18:44 --------- d-----w c:\program files\Fichiers communs\Windows Live

2009-01-26 21:05 --------- d-----w d:\documents and settings\Bibou\Application Data\Ahead

2009-01-26 18:33 --------- d-----w c:\program files\Fichiers communs\Ahead

2009-01-26 18:23 --------- d-----w c:\program files\Nero

2009-01-25 17:31 --------- d-----w d:\documents and settings\Bibou\Application Data\vlc

2009-01-25 17:31 --------- d-----w c:\program files\VideoLAN

2009-01-24 17:15 --------- d-----w c:\program files\AOL 9.0

2009-01-24 17:13 --------- d-----w d:\documents and settings\LocalService\Application Data\X10 Commander

2009-01-24 17:13 --------- d-----w d:\documents and settings\Bibou\Application Data\You've Got Pictures Screensaver

2009-01-24 17:13 --------- d-----w d:\documents and settings\Bibou\Application Data\Symantec

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\VadeRetro

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\Ulead Systems

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\SmartSound Software Inc

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\QuickTime

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\InstallShield

2009-01-24 17:13 --------- d-----w d:\documents and settings\All Users\Application Data\AOL

2009-01-24 17:13 --------- d-----w d:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver

2009-01-24 17:13 --------- d-----w d:\documents and settings\Administrateur\Application Data\Symantec

2009-01-24 17:09 --------- d-----w c:\program files\X10 Hardware

2009-01-24 17:08 --------- d-----w c:\program files\ShowTime

2009-01-24 17:08 --------- d-----w c:\program files\Services en ligne

2009-01-24 17:08 --------- d-----w c:\program files\QuickTime

2009-01-24 17:07 --------- d-----w c:\program files\Fichiers communs\Ulead Systems

2009-01-24 17:07 --------- d-----w c:\program files\Fichiers communs\SureThing Shared

2009-01-24 17:07 --------- d-----w c:\program files\Fichiers communs\Sonic Shared

2009-01-24 17:07 --------- d-----w c:\program files\Fichiers communs\aolshare

2009-01-24 17:07 --------- d-----w c:\program files\Fichiers communs\AOL

2009-01-24 17:07 --------- d-----w c:\program files\AOL Compagnon

2009-01-24 14:23 --------- d-----w c:\program files\CCleaner

2009-01-24 13:52 --------- d-----w d:\documents and settings\All Users\Application Data\Avira

2009-01-24 13:52 --------- d-----w c:\program files\Avira

2009-01-24 11:13 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-24 11:13 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL

2009-01-24 11:13 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-24 11:13 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-24 11:13 --------- d-----w d:\documents and settings\All Users\Application Data\Symantec

2009-01-24 11:13 --------- d-----w c:\program files\Symantec

2009-01-24 10:57 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-24 09:30 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-24 09:29 --------- d-----w c:\program files\Java

2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2009-01-08 23:00 614,400 ----a-w c:\windows\system32\msvcr80.dll

2009-01-08 23:00 32,768 ----a-w c:\windows\system32\Auxiliary.dll

2009-01-08 23:00 262,144 ----a-w c:\windows\system32\HookShield.dll

2009-01-08 23:00 262,144 ----a-w c:\windows\system32\HookMAp.dll

2009-01-08 23:00 208,896 ----a-w c:\windows\system32\WinSys2.exe

2009-01-08 23:00 131,072 ----a-w c:\windows\system32\smdll.dll

2009-01-08 23:00 130,048 ----a-w c:\windows\system32\MadCHook.dll

2009-01-08 23:00 1,785,856 ----a-w c:\windows\system32\msicpl.dll

2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2008-12-20 22:47 826,368 ------w c:\windows\system32\dllcache\wininet.dll

2008-12-20 22:47 671,232 ------w c:\windows\system32\dllcache\mstime.dll

2008-12-20 22:47 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll

2008-12-20 22:47 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll

2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

2008-12-20 22:47 193,024 ------w c:\windows\system32\dllcache\msrating.dll

2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll

2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll

2008-12-20 22:47 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll

2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-12 17:29 3,088,384 ----a-w c:\windows\system32\SETD6.tmp

2008-12-12 17:29 3,088,384 ----a-w c:\windows\system32\SET330.tmp

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-19 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-24 136600]

"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]

"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 52840]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"WinSys2"="c:\windows\system32\winsys2.exe" [2009-01-09 208896]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-19 98304]

"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

d:\documents and settings\Bibou\Menu Démarrer\Programmes\Démarrage\

Outil de notification Live Search.lnk - d:\documents and settings\Bibou\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-01-29 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-01-30 07:53 49152 c:\apps\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]

--a------ 2005-10-20 05:15 102400 c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]

--a------ 2006-01-30 08:56 1978368 c:\apps\Softex\OmniPass\scureapp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-07-19 20:50 98304 c:\program files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

--a------ 2005-11-17 08:51 975360 c:\apps\SMP\SMPSYS.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2009-02-01 137216]

R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2009-02-01 5248]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-22 55152]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-07-19 825600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]

R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-07-19 7040]

S3 ANHEWAITBY;ANHEWAITBY;d:\docume~1\Bibou\LOCALS~1\Temp\ANHEWAITBY.exe --> d:\docume~1\Bibou\LOCALS~1\Temp\ANHEWAITBY.exe [?]

S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - COMHOST

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-04 c:\windows\Tasks\Extension de garantie.job

- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

 

2009-03-04 c:\windows\Tasks\Master CD_DVD Creator.job

- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

 

2009-02-27 c:\windows\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Bibou.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-28 12:00]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 22:02:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-3974519209-611569067-3478823060-1005\Software\SecuROM\License information*]

"datasecu"=hex:3f,c1,80,32,7b,a1,59,cf,da,41,ec,0e,6a,d1,25,3e,0f,28,61,33,30,

50,7e,38,8b,b2,45,f9,9b,75,f4,fd,21,56,6e,fb,ea,ac,58,bc,3f,f8,11,48,4b,ad,\

"rkeysecu"=hex:94,04,ae,2d,ea,f3,4a,63,6d,3f,2a,b6,dc,f5,39,33

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(612)

c:\apps\Softex\OmniPass\opxpgina.dll

.

Heure de fin: 2009-03-04 22:04:01

ComboFix-quarantined-files.txt 2009-03-04 21:03:57

 

Avant-CF: 13 986 160 640 octets libres

Après-CF: 13,966,917,632 octets libres

 

267 --- E O F --- 2009-02-25 22:06:05
