Combofix éradication

[lulu30]

Bonjour messieurs,

 

Sur les conseil de " Comment sa marche " j'ai effectué un scan de combofix sur mon ordinateur suite a une annonce d'erreur.

A chaque démarrage j'avais le message suivant: The setup files are corrupted.Please obtain a new copy of the program .

J'ai donc scanné mon PC et je vous envoi le rapport que je vous prierais d'analysé.

Je vous remercie d'avence pour vos cervices.

 

ComboFix 12-02-17.02 - JEAN-MICHEL 18/02/2012 11:53:54.1.2 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.2047.932 [GMT 1:00]

Lancé depuis: c:\users\JEAN-MICHEL\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\JEAN-MICHEL\AppData\Roaming\app

c:\users\JEAN-MICHEL\AppData\Roaming\app\Jerakine_lang.dat

c:\users\JEAN-MICHEL\AppData\Roaming\app\Jerakine_lang_vesrion.dat

c:\users\JEAN-MICHEL\AppData\Roaming\OfferBox

c:\users\JEAN-MICHEL\AppData\Roaming\OfferBox\config.dat

c:\users\JEAN-MICHEL\AppData\Roaming\OfferBox\config.xml

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-01-18 au 2012-02-18 ))))))))))))))))))))))))))))))))))))

.

.

2012-02-18 11:02 . 2012-02-18 11:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-02-18 11:02 . 2012-02-18 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-16 23:24 . 2012-02-16 23:24 -------- d-----w- c:\users\JEAN-MICHEL\AppData\Roaming\Cocoon Software

2012-02-16 23:24 . 2012-02-16 23:28 -------- d-----w- c:\program files\QuickMediaConverter

2012-02-16 23:23 . 2012-02-16 23:23 -------- d-----w- c:\users\JEAN-MICHEL\AppData\Local\WDSetup

2012-02-16 11:48 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 11:48 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 11:48 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 11:48 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 11:48 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 11:48 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-16 11:47 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 11:47 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-01-26 15:48 . 2012-01-26 15:48 -------- d-----w- c:\users\JEAN-MICHEL\AppData\Roaming\AVS4YOU

2012-01-26 15:46 . 2012-01-26 15:59 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-01-26 15:46 . 2012-01-26 15:59 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-01-26 15:46 . 2012-01-26 15:48 -------- d-----w- c:\programdata\AVS4YOU

2012-01-26 15:46 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2012-01-26 15:46 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-01-19 16:20 . 2012-01-19 16:20 -------- d-----w- c:\programdata\Kaspersky Lab

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 23:17 . 2011-12-01 12:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-11 16:59 . 2012-01-11 16:59 53248 ----a-r- c:\users\JEAN-MICHEL\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-01-11 15:44 . 2011-11-04 18:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-12-15 10:49 . 2011-12-15 10:49 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-12-10 14:24 . 2011-11-26 13:41 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 18:01 . 2011-01-17 12:03 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-01-17 12:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-01-17 06:52 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-03-03 12:25 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-01-17 12:03 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-01-17 12:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-01-17 12:03 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-01-17 12:03 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-01-17 12:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DuckCapture"="c:\program files (x86)\DuckLink\DuckCapture\DuckCapture.exe" [2011-11-03 436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

"ForceActiveDesktopOn"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]

R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-02-15 41728]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-02-15 3045688]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]

S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-02-15 63880]

S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-02-18 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-09 08:50]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://fr.ask.com/?l=dis&o=15776

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\users\JEAN-MICHEL\AppData\Roaming\Mozilla\Firefox\Profiles\zcez7a99.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHELINS SUPPRIMES - - - -

.

SafeBoot-SolutoService

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2012-02-18 12:15:11

ComboFix-quarantined-files.txt 2012-02-18 11:15

.

Avant-CF: 117 987 614 720 octets libres

Après-CF: 117 759 598 592 octets libres

.

- - End Of File - - BCC83CC87DB9AF9BA5AF8C4B7765AAC9