cjoint
ComboFix 15-05-31.01 - moussaoui 06/05/2015 7:01.1.2 - x86
Microsoft Windows 7 Édition Starter 6.1.7600.0.1252.33.1036.18.2048.739 [GMT 1:00]
Lancé depuis: c:\users\moussaoui\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\windows\system32\logs
c:\windows\system32\logs\Patcher Logs\2015-05-04T14-55-14_LoLPatcherUx.log
.
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-05-05 au 2015-06-05 ))))))))))))))))))))))))))))))))))))
.
.
2015-06-05 06:09 . 2015-06-05 06:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-04 21:48 . 2015-06-04 21:48 -------- d-----w- c:\program files\SuperCopier2
2015-05-29 16:45 . 2015-05-30 19:12 -------- d-----w- C:\Games
2015-05-26 00:50 . 2015-05-26 00:50 -------- d-----w- c:\program files\CodeMeter
2015-05-24 21:00 . 2015-05-24 21:00 -------- d-----w- c:\users\moussaoui\AppData\Roaming\Disney Interactive Studios
2015-05-20 18:47 . 2015-05-20 18:47 -------- d-----w- c:\program files\Common Files\Borland Shared
2015-05-20 18:47 . 2015-05-20 18:47 -------- d-----w- c:\windows\Downloaded Installations
2015-05-14 22:46 . 2015-05-14 22:46 -------- d-----w- c:\program files\Anti Raccourci 1.0.9
2015-05-14 22:43 . 2015-06-04 20:59 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-14 22:43 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2015-05-14 22:42 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-14 22:42 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-05-14 22:42 . 2015-06-04 20:59 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-14 22:42 . 2015-06-04 20:59 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-14 22:42 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-14 22:42 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-14 22:42 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-14 22:42 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2015-05-14 22:42 . 2015-05-14 22:42 -------- d-----w- c:\program files\AVAST Software
2015-05-14 18:46 . 2015-05-14 22:42 -------- d-----w- c:\programdata\AVAST Software
2015-05-08 22:48 . 2015-05-08 22:48 -------- d-----w- c:\program files\GreenTree Applications
2015-05-06 06:56 . 2015-05-06 06:57 -------- d-----w- c:\program files\League of Legends
2015-05-06 06:56 . 2015-05-06 06:56 -------- d-----w- c:\program files\InstallShield Installation Information
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-04 22:21 . 2015-03-28 00:58 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-04 22:21 . 2015-03-28 00:58 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-26 11:48 . 2015-03-26 11:48 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2015-03-23 00:32 . 2015-04-01 22:53 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60A77FB4-0B6A-4F17-AEF5-693D7855C24F}\mpengine.dll
2014-07-10 06:16 . 2014-07-10 06:16 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-06-04 3890768]
"uTorrent"="c:\users\moussaoui\AppData\Roaming\uTorrent\uTorrent.exe" [2015-06-04 1694560]
"AntiWormUpdate"="c:\google\AutoIt3.exe" [2012-01-29 750320]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-11-19 12111576]
"AntiWormUpdate"="c:\google\AutoIt3.exe" [2012-01-29 750320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AntiUsbWormUpdate.lnk - c:\google\AutoIt3.exe /AutoIt3ExecuteScript c:\google\googleupdate.a3x [2015-5-5 750320]
AntiWormUpdate.lnk - c:\windows\system32\cmd.exe /c start c:\google\AutoIt3.exe /AutoIt3ExecuteScript c:\google\googleupdate.a3x & exit [2009-7-14 301568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [2011-09-06 274560]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-11-29 115752]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-08-27 719576]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-01-09 25328]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-04 20:24 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-02 22:21]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-04-02 12:31]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-04-02 12:31]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\program files\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\moussaoui\AppData\Roaming\Mozilla\Firefox\Profiles\lu9j31ee.default\
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-AntiUsbWorm - start c:\google\AutoIt3.exe
HKLM-Run-AntiUsbWorm - start c:\google\AutoIt3.exe
AddRemove-TEKKEN-3 - c:\games\TEKKEN-3\UNWISE.EXE
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-875457837-463514616-243820777-1000_Classes\CLSID\{49a2fd94-fc5a-42c5-97ae-e60cd6ba47b9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:0000000d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-875457837-463514616-243820777-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,35,5a,fc,82,b4,b5,62,0b,a9,bb,c5,76,90,af,b8,e1,d9,69,a5,b4,
3b,71,3e,cc,b1,a9,de,82,17,08,bf,b3,94,ee,a2,35,b6,a7,c6,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2264)
c:\program files\WinMover\WinMover.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVAST Software\Avast\setup\avast.setup
c:\windows\system32\WUDFHost.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Heure de fin: 2015-06-05 07:13:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-06-05 06:13
.
Avant-CF: 55,602,974,720 octets libres
Après-CF: 55,571,439,616 octets libres
.
- - End Of File - - 33E3C5CDCA9ECEC8D45E0392F6F1CF9F
A36C5E4F47E84449FF07ED3517B43A31