Reply to: USB key virus and taskemg at startup 2016-09-08T13:23:15+00:00
yanndebug
Participant
Number of posts: 22

ComboFix 13-12-06.01 - doums 12/06/2013 19:19:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1248 [GMT 1:00]
Running from: d:\users\doums\Desktop\cosmocats.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\taskeng.exe
D:\DSC03231.jpg
D:\DSC03265.jpg
D:\DSC03356.jpg
D:\DSC03380.jpg
D:\DSC03384.jpg
D:\DSC03388.jpg
D:\DSC03389(2).jpg
D:\DSC03389.jpg
.
.
((((((((((((((((((((((((( Files Created from 2013-11-06 to 2013-12-06 )))))))))))))))))))))))))))))))
.
.
2013-12-06 17:07 . 2013-12-03 17:28 1446912 ----a-w- d:\users\doums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskeng.exe
2013-12-04 09:34 . 2013-12-06 17:05 -------- d-----w- D:\Pre_Scan
2013-12-03 18:46 . 2013-12-03 18:46 512 ----a-w- D:\PhysicalDisk0_MBR.bin
2013-12-03 17:55 . 2013-12-03 18:47 -------- d-----w- d:\users\doums\AppData\Roaming\ZHP
2013-12-03 17:55 . 2013-12-03 18:46 -------- d-----w- d:\program files\ZHPDiag
2013-12-03 17:03 . 2013-12-03 17:53 -------- d-----w- D:\AdwCleaner
2013-12-03 16:02 . 2013-12-03 17:37 -------- d-----w- D:\UsbFix
2013-12-03 15:33 . 2013-12-03 15:33 -------- d-----w- d:\users\doums\AppData\Roaming\Malwarebytes
2013-12-03 15:32 . 2013-12-03 15:32 -------- d-----w- d:\programdata\Malwarebytes
2013-12-03 15:32 . 2013-12-03 15:33 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2013-12-03 15:32 . 2013-04-04 13:50 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2013-11-30 11:27 . 2013-11-30 11:27 -------- d-----w- d:\programdata\Panda Security
2013-11-30 11:27 . 2013-11-30 11:27 -------- d-----w- d:\program files\Panda USB Vaccine
2013-11-28 01:07 . 2013-11-28 01:07 -------- d-----w- d:\users\doums\AppData\Roaming\OpenOffice
2013-11-28 00:53 . 2013-11-28 00:53 -------- d-----w- d:\users\doums\AppData\Roaming\ODF
2013-11-28 00:53 . 2013-11-28 00:53 -------- d-----w- d:\users\doums\AppData\Local\ODF
2013-11-22 15:16 . 2005-01-02 12:43 4682 ----a-w- d:\windows\system32\npptNT2.sys
2013-11-22 15:16 . 2003-07-18 21:17 5174 ----a-w- d:\windows\system32\nppt9x.vxd
2013-11-12 17:22 . 2013-07-22 17:12 5148240 ----a-w- d:\windows\system32\GameMon.des
2013-11-08 18:57 . 2013-11-08 18:57 -------- d-----w- d:\users\doums\AppData\Roaming\MotioninJoy
2013-11-08 18:56 . 2011-12-07 18:42 255496 ----a-w- d:\windows\system32\MijFrc.dll
2013-11-08 18:56 . 2013-11-08 18:56 -------- d-----w- d:\program files\MotioninJoy
2013-11-06 20:10 . 2013-01-07 14:56 851176 ----a-w- d:\windows\system32\WinUSBCoInstaller2.dll
2013-11-06 20:10 . 2013-05-05 21:32 33024 ----a-w- d:\windows\system32\drivers\ScpVBus.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-04 00:14 . 2011-06-14 22:11 774392 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2013-12-04 00:14 . 2010-11-09 12:01 35656 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2013-12-04 00:14 . 2010-11-09 12:01 57672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2013-12-04 00:14 . 2010-11-09 12:01 70384 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2013-12-04 00:14 . 2010-11-09 12:00 43152 ----a-w- d:\windows\avastSS.scr
2013-12-04 00:14 . 2010-11-09 12:00 269216 ----a-w- d:\windows\system32\aswBoot.exe
2013-11-20 20:33 . 2012-07-12 18:40 692616 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-11-20 20:33 . 2012-06-20 21:24 71048 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-08 22:30 . 2010-11-09 12:01 403440 ----a-w- d:\windows\system32\drivers\aswsp.sys
2013-10-21 10:35 . 2013-03-01 11:04 178304 ----a-w- d:\windows\system32\drivers\aswVmm.sys
2013-10-21 10:35 . 2013-03-01 11:04 49944 ----a-w- d:\windows\system32\drivers\aswRvrt.sys
2013-10-21 10:35 . 2012-02-24 16:30 79720 ----a-w- d:\windows\system32\drivers\aswRdr2.sys
2013-10-08 06:50 . 2013-11-03 22:25 94632 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-04 00:14 321752 ----a-w- d:\dossier seven\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\dossier seven\avast\avastUI.exe" [2013-12-04 3568312]
"AdobeAAMUpdater-1.0"="d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="d:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"GrooveMonitor"="d:\dossier seven\office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="d:\dossier seven\avast\AvastUI.exe" [2013-12-04 3568312]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
d:\users\doums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
taskeng.exe [2013-12-3 1446912]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup
Ralink Wireless Utility.lnk - d:\program files\RALINK\Common\RaUI.exe -s [2012-12-29 1040384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22 59240 ----a-w- d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- d:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-03 22:35 967608 ----a-w- d:\dossier seven\drivers sasung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-03 22:35 309688 ----a-w- d:\dossier seven\drivers sasung\Kies\KiesTrayAgent.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;d:\windows\system32\Drivers\ssadadb.sys [2012-06-27 30312]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);d:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;d:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;d:\windows\system32\DRIVERS\netr28.sys [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;d:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des [2013-07-22 5148240]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;d:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 ScpVBus;Scp Virtual Bus Driver;d:\windows\system32\DRIVERS\ScpVBus.sys [2013-05-05 33024]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);d:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);d:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;d:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);d:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 114280]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);d:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 181344]
R3 SwitchBoard;SwitchBoard;d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-11-09 691696]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2013-12-04 774392]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2013-11-08 403440]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2013-12-04 35656]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2013-12-04 70384]
S2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2010-06-25 35088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-05 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452680746-145448129-3087113149-1000Core.job
- d:\users\doums\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 23:59]
.
2013-12-06 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452680746-145448129-3087113149-1000UA.job
- d:\users\doums\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - d:\dossie~1\office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - d:\users\doums\AppData\Roaming\Mozilla\Firefox\Profiles\dumjs7ta.default
FF - prefs.js: browser.startup.homepage - hxxp://randomc.net/2013/09/18/fall-2013-preview/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PDT - c:\users\Public\taskeng.exe
HKLM-Run-Planificateur - c:\users\Public\taskeng.exe
HKLM-Explorer_Run-Planfi - c:\users\Public\taskeng.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-PDT - c:\users\Public\taskeng.exe
MSConfigStartUp-Planificateur - c:\users\Public\taskeng.exe
AddRemove-Windows Grep_is1 - d:\program files\searchtxt\unins000.exe
AddRemove-01_Simmental - d:\dossier seven\drivers sasung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\dossier seven\drivers sasung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\dossier seven\drivers sasung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\dossier seven\drivers sasung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - d:\dossier seven\drivers sasung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - d:\dossier seven\drivers sasung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\dossier seven\drivers sasung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\dossier seven\drivers sasung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - d:\dossier seven\drivers sasung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - d:\dossier seven\drivers sasung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\dossier seven\drivers sasung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3452680746-145448129-3087113149-1000_Classes\BitTorrent\Shell\O(uQ*Q*ËeΘSb*_å‹B*T*‡eöN(*&*Q*)*\Command]
@="\"d:\\dossier seven\\qqq\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitTorrent\Shell\O(uQ*Q*ËeΘSb*_å‹B*T*‡eöN(*&*Q*)*\Command]
@="\"d:\\dossier seven\\qqq\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-06 19:30:14
ComboFix-quarantined-files.txt 2013-12-06 18:30
.
Pre-Run: 14,069,637,120 bytes free
Post-Run: 13,726,461,952 bytes free
.
- - End Of File - - AA7899BB52237FDC6906BBFC51CA59B3
A36C5E4F47E84449FF07ED3517B43A31