Virus that comes back once deleted

GMER 1.0.15.15163 - www.gmer.net…
Rootkit scan 2009-11-04 18:02:44
Windows 5.1.2600 Service Pack 1
Running: gmer.exe; Driver: C:\DOCUME~1\Tidus\LOCALS~1\Temp\ugdiiuod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF40356B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4035574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4035A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF403514C]
SSDT sptd.sys ZwEnumerateKey [0xF7729FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF772A340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF403564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF403508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF40350F0]
SSDT sptd.sys ZwQueryKey [0xF772A418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF403576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF403572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF40358AE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F6A4BF88 5 Bytes JMP 864B31C8
? System32\Drivers\ath8x7kd.SYS Le chemin d’accès spécifié est introuvable. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F773B06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F773B018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F775D9AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F773B06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7724AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7724C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7724B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7725748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F772561E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F773A29A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1276] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00510002
IAT C:\WINDOWS\system32\services.exe[1276] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00510000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867661E8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 865571E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867D81E8
Device \Driver\dmio \Device\DmControl\DmConfig 867D81E8
Device \Driver\dmio \Device\DmControl\DmPnP 867D81E8
Device \Driver\dmio \Device\DmControl\DmInfo 867D81E8
Device \Driver\usbuhci \Device\USBPDO-1 865571E8
Device \Driver\usbehci \Device\USBPDO-2 864991E8
Device \Driver\usbuhci \Device\USBPDO-3 865571E8
Device \Driver\usbuhci \Device\USBPDO-4 865571E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{1B3AA64B-F60E-4A9C-B706-3A0A80468A46} 86422790
Device \Driver\PCI_NTPNP3980 \Device\00000062 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 867681E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867681E8
Device \Driver\Cdrom \Device\CdRom0 865341E8
Device \Driver\Cdrom \Device\CdRom1 865341E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7674510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7674510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7674510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F7674510] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 867681E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{67C5EF35-5761-48B1-8BC4-68DE902AE1BB} 86422790
Device \Driver\Ftdisk \Device\HarddiskVolume4 867681E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86422790
Device \Driver\NetBT \Device\NetbiosSmb 86422790
Device \Driver\NetBT \Device\NetBT_Tcpip_{AFE4C164-2A7B-49BF-BFA2-05851E524824} 86422790

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 865571E8
Device \Driver\usbuhci \Device\USBFDO-1 865571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86463548
Device \Driver\usbuhci \Device\USBFDO-2 865571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86463548
Device \Driver\usbuhci \Device\USBFDO-3 865571E8
Device \Driver\usbehci \Device\USBFDO-4 864991E8
Device \Driver\Ftdisk \Device\FtControl 867681E8
Device \Driver\ath8x7kd \Device\Scsi\ath8x7kd1 864661E8
Device \Driver\ath8x7kd \Device\Scsi\ath8x7kd1Port4Path0Target0Lun0 864661E8
Device \FileSystem\Cdfs \Cdfs 86405420

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1305623533
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 358789191
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0xBD 0xB6 0xD5 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0x3A 0xED 0xD6 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x05 0x91 0xB2 0xF9 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0xBD 0xB6 0xD5 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0x3A 0xED 0xD6 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x05 0x91 0xB2 0xF9 …

---- EOF - GMER 1.0.15 ----

Actually, I uninstalled Antivir and reinstalled Avast to run a scan. It didn't find any virus. And afterwards I used GMER, just with Avast disabled.
However, I'm not sure I uninstalled Antivir properly; there are several steps to do after booting into safe mode and I didn't do that… I deleted the folder directly, and then I deleted the keys with a tool they provided on their site. The problem is that their tool didn't remove all the keys for me.

ComboFix 09-10-28.08 - Tidus 04/11/2009 23:00.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.1023.638 [GMT 1:00]
Lancé depuis: c:\documents and settings\Tidus\Bureau\tidus912.com.exe
Commutateurs utilisés :: c:\documents and settings\Tidus\Bureau\CFScript.txt
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-04 au 2009-11-04 ))))))))))))))))))))))))))))))))))))
.

2009-11-03 17:34 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-03 17:34 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-03 17:34 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-03 17:34 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-03 17:34 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-03 17:34 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-03 17:34 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-03 17:33 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-03 09:32 . 2008-05-09 11:15 45376 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-03 09:32 . 2008-01-21 16:11 22336 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-03 09:32 . 2008-10-30 09:21 75072 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-03 09:32 . 2009-11-03 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-02 17:50 . 2004-08-19 23:10 13824 ------w- c:\windows\system32\wscntfy.exe
2009-11-02 17:50 . 2004-08-19 23:09 129536 ------w- c:\windows\system32\xmlprov.dll
2009-10-31 20:58 . 2009-10-31 20:58 -------- d-----w- c:\program files\directx
2009-10-31 20:50 . 2009-10-31 20:54 -------- d-----w- c:\program files\UnrealTournament
2009-10-30 20:20 . 2009-11-03 10:58 -------- d-----w- c:\windows\ERUNT
2009-10-29 19:36 . 2009-10-31 10:14 -------- d-----w- c:\program files\Trend Micro
2009-10-28 11:49 . 2009-10-28 11:49 -------- d-sh--w- c:\windows\ftpcache
2009-10-24 13:22 . 2009-10-30 11:59 -------- d-----w- c:\program files\Marco Polo Français Allemand 3.50
2009-10-13 17:15 . 2009-11-02 21:19 -------- d-----w- c:\program files\EES_AV
2009-10-13 16:54 . 2009-10-13 16:54 -------- d-----w- c:\documents and settings\Tidus\Application Data\Broad Intelligence
2009-10-13 16:54 . 2009-10-13 16:54 -------- d-----w- c:\documents and settings\Tidus\Menu DÚmarrer
2009-10-13 16:54 . 2009-10-13 17:21 -------- d-----w- c:\program files\MediaCoder
2009-10-13 16:27 . 2009-10-13 16:27 -------- d-----w- c:\documents and settings\Tidus\Application Data\Apowersoft
2009-10-13 16:27 . 2009-10-13 16:27 -------- d-----w- c:\program files\Apowersoft
2009-10-11 12:04 . 2009-10-11 12:04 -------- d-----w- c:\program files\DAEMON Tools
2009-10-11 11:57 . 2009-10-11 12:02 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-09 19:12 . 2009-10-10 10:02 -------- d-----w- c:\program files\Valve Lan
2009-10-06 17:31 . 2009-10-06 17:31 -------- d-----w- c:\documents and settings\Tidus\fontconfig
2009-10-06 17:31 . 2009-10-06 17:34 -------- d-----w- c:\documents and settings\Tidus.smplayer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 21:56 . 2009-09-14 10:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-31 12:41 . 2009-09-29 10:43 -------- d-----w- c:\program files\VLC
2009-10-30 20:27 . 2003-04-24 12:00 62872 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-30 20:27 . 2003-04-24 12:00 396650 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-26 19:56 . 2009-02-05 21:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:34 . 2009-10-05 18:34 -------- d-----w- c:\program files\LD-Anime
2009-09-23 16:42 . 2009-01-04 17:55 31696 ----a-w- c:\documents and settings\Tidus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-23 16:39 . 2009-09-23 16:39 -------- d-----w- c:\documents and settings\Tidus\Application Data\OpenOffice.org
2009-09-23 16:35 . 2009-09-23 16:35 -------- d-----w- c:\program files\JRE
2009-09-23 16:35 . 2009-09-23 16:35 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-23 16:34 . 2009-01-04 16:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 16:34 . 2009-09-23 16:34 -------- d-----w- c:\program files\Java
2009-09-16 18:50 . 2009-09-16 18:49 -------- d-----w- c:\program files\IZArc
2009-09-15 18:08 . 2009-09-15 18:08 -------- d-----w- c:\program files\Alwil Software
2009-09-15 18:00 . 2008-12-20 21:43 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-14 10:57 . 2009-09-14 10:57 -------- d-----w- c:\documents and settings\Tidus\Application Data\Thunderbird
2009-09-10 13:54 . 2009-02-05 21:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-02-05 21:49 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 14:41 . 2009-09-06 14:41 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-09-06 14:37 . 2008-12-20 19:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 10:44 . 2009-08-28 10:44 265797 ----a-w- c:\windows\system32\pdvcodec.dll
2008-12-21 10:33 . 2008-12-21 10:33 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-02_17.57.08 )))))))))))))))))))))))))))))))))))))))))
.

  • 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
  • 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
  • 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
  • 2009-11-04 22:07 . 2009-11-04 22:07 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
  • 2009-11-04 22:06 . 2009-11-04 22:06 16384 c:\windows\Temp\Perflib_Perfdata_1a0.dat
  • 2009-11-03 09:32 . 2007-11-08 17:03 21248 c:\windows\system32\drivers\ssmdrv.sys
  • 2008-12-20 18:33 . 2009-11-04 22:06 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • 2008-12-20 18:33 . 2009-11-02 17:56 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • 2008-12-20 18:33 . 2009-11-02 17:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
  • 2008-12-20 18:33 . 2009-11-04 22:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
  • 2008-12-20 18:33 . 2009-11-04 22:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
  • 2008-12-20 18:33 . 2009-11-02 17:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
  • 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
  • 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
  • 2009-11-03 17:09 . 2009-11-03 17:09 228352 c:\windows\Installer\1a1aca4.msi
  • 2009-10-30 20:20 . 2009-10-30 20:20 495616 c:\windows\ERUNT\SDFIXT\Users\00000002\UsrClass.dat
  • 2009-10-30 20:20 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIXT\ERDNT.EXE
  • 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
  • 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
  • 2009-10-30 20:20 . 2009-10-30 20:20 7208960 c:\windows\ERUNT\SDFIXT\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-07-20 7581696]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-08-17 90112]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-12-13 180736]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-20 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-23 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-09-09 88203]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-22 16236032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-24 13312]

c:\documents and settings\Tidus\Menu D?marrer\Programmes\D?marrage
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [03/11/2009 10:32 22336]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [20/12/2008 21:28 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/12/2008 21:28 35712]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/11/2009 18:34 114768]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [03/11/2009 10:32 45376]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [25/05/2009 12:11 22784]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [20/12/2008 21:49 9088]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [20/12/2008 21:49 40960]

--- Autres Services/Pilotes en mémoire ---

Deregistered - mbr
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.fr…
uInternet Settings,ProxyOverride = local
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {67C5EF35-5761-48B1-8BC4-68DE902AE1BB} = 10.0.1.246
FF - ProfilePath - c:\documents and settings\Tidus\Application Data\Mozilla\Firefox\Profiles\40gdvusd.default
FF - prefs.js: browser.startup.homepage - www.google.fr…
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.


Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés:


.
--------------------- DLLs chargées dans les processus actifs ---------------------

• 'winlogon.exe'(1236)
c:\windows\system32\ODBC32.dll

• 'lsass.exe'(1292)
c:\windows\System32\dssenh.dll

• 'explorer.exe'(4052)
c:\windows\System32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.


.
Heure de fin: 2009-11-04 23:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-04 22:10
ComboFix2.txt 2009-11-02 18:00

Avant-CF: 22 739 542 016 octets libres
Après-CF: 22 743 740 416 octets libres

    • End Of File - - 67C9FACBC225FFD1E974873D0FE9FCD2

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !


However, I've noticed that every time I use ComboFix, I can't reinstall Vista afterwards.

See you.

Wait, I wrote nonsense; let me restate my last sentence:

However, I've noticed that every time I use ComboFix, I can't start Avast afterwards.

Sorry.

OK, thank you both, it's really kind of you to have done all this for me.

Regards.

Hello, I've caught the same virus again. Now that I know the procedure it should go better, but you deleted the text that had to be pasted into ComboFix; if you could put it back, thanks.