Reply to: My data on my USB stick has turned into shortcuts 2016-09-08T13:05:23+00:00
Anonymous
Post count: 0

Done! Here is the report:

ComboFix 13-09-02.02 - Seyma 04/09/2013   2:58.1.4 - x64 NETWORK
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.6007.4668 [GMT 1:00]
Running from: c:\users\Seyma\Desktop\efoiurhgioehge.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Seyma\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5D4A6D66-E2C2-425F-B564-14A41B458B7A}.xps
c:\users\Seyma\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C4767D0-21BE-43D4-8622-594BC726BB69}.xps
c:\users\Seyma\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E35FE38F-BA3A-46D6-93ED-53FAB5384C09}.xps
c:\users\Seyma\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E5F9F740-FCE6-4734-8790-292B387901BA}.xps
c:\users\Seyma\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF571425-E904-4789-A1AF-F26454170A24}.xps
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Files Created from 2013-08-04 to 2013-09-04 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-04 02:01 . 2013-09-04 02:01   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2013-09-04 02:01 . 2013-09-04 02:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-02 02:48 . 2013-09-02 02:48   --------   d-----w-   c:\users\Seyma\licman
2013-09-02 02:47 . 2013-09-02 02:48   --------   d-----w-   c:\users\Seyma\frc64
2013-09-02 02:47 . 2013-09-02 02:47   --------   d-----w-   c:\program files (x86)\FILERECOVERY 2013 Enterprise
2013-09-01 23:15 . 2013-09-03 15:03   --------   d-----w-   C:\Pre_Scan
2013-09-01 21:49 . 2013-09-01 22:07   --------   d-----w-   C:\UsbFix
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-03 15:02 . 2013-03-07 20:05 151552 ----a-w- c:\windows\KMSEmulator.exe
2013-08-22 14:16 . 2013-03-07 20:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 14:16 . 2013-03-07 20:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-17 13:16 . 2013-07-17 13:16 82432 ----a-w- c:\users\Seyma\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-07-17 13:16 . 2013-07-17 13:16 44544 ----a-w- c:\users\Seyma\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-07-17 13:16 . 2013-07-17 13:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-07-17 13:16 . 2013-07-17 13:16 1275392 ----a-w- c:\users\Seyma\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Facebook Update"="c:\users\Seyma\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-10 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Seyma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - c:\users\Seyma\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-28 23:30 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 14:16]
.
2013-09-03 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-03-07 20:06]
.
2013-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2007743307-614289416-151527787-1000Core.job
- c:\users\Seyma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-08 07:40]
.
2013-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2007743307-614289416-151527787-1000UA.job
- c:\users\Seyma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-08 07:40]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 13:10]
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 13:10]
.
2013-09-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 10:54]
.
2013-09-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 10:54]
.
.
X64 Entries
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-02-13 2138432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
Supplementary Scan
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Send to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0ecc6c22-c813-42ee-be3b-94bda0efe49f} - (no file)
BHO-{0ecc6c22-c813-42ee-be3b-94bda0efe49f} - (no file)
Toolbar-{0ecc6c22-c813-42ee-be3b-94bda0efe49f} - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
Wow6432Node-HKCU-Run-Bubble Dock - c:\users\Seyma\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe
Wow6432Node-HKLM-Run-Denzi - c:\program files (x86)\Denzi\Denzi.exe
.
.
.
LOCKED REGISTRY KEYS
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-04 03:03:13
ComboFix-quarantined-files.txt 2013-09-04 02:03
.
Pre-Run: 477,663,850,496 bytes free
Post-Run: 477,746,302,976 bytes free
.
- - End Of File - - 0BAB6969218F2C7CE3A16AA919A60682
A36C5E4F47E84449FF07ED3517B43A31
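The "Reg Loading Points" block of the report above lists the UAC policy values (`EnableLUA`, `ConsentPromptBehaviorAdmin`, `PromptOnSecureDesktop`), two `AppInit_DLLs` entries, a `DisableMonitoring` flag under Security Center and the per-user Run keys. The script below is an added example, not part of the post and not a ComboFix component: a small Python triage tool that parses those ComboFix lines and flags the settings a cleanup should revisit before anything else. The sample input is constructed from the posted log with the path separators the forum stripped restored by hand; the severity labels and the `parse_reg_section`/`triage` names are the example's own, and "REVIEW" means "look at it", not "malicious" (nvinit.dll and nvinitx.dll, for instance, are normally NVIDIA components).

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of the forum post and not a
ComboFix component. It parses the [HKEY_...] headers and "Name"=value lines
ComboFix prints, then flags what a cleanup needs to look at first: UAC policy
values, AppInit_DLLs injection, a silenced Security Center monitor and
autoruns launched from user-writable directories. It only reads text; it
never touches the registry.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the relevant blocks copied from the posted log, with the
# path separators the forum stripped restored by hand.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Facebook Update"="c:\users\Seyma\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-10 138096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
# ComboFix prints DWORDs either as "dword:00000001" or as "1 (0x1)".
DWORD_RE = re.compile(r"^(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\))$")

Values = Dict[str, object]


def parse_reg_section(text: str) -> Dict[str, Values]:
    """Map each registry key to its {name: value}. DWORDs become int; quoted
    strings lose their quotes and the trailing "[date size]" note."""
    keys: Dict[str, Values] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if not val or current is None:
            continue                      # "." separators and other noise
        raw = val.group("raw").strip()
        dword = DWORD_RE.match(raw)
        if dword:
            value = int(dword.group("hex"), 16) if dword.group("hex") else int(dword.group("dec"))
        elif raw.startswith('"') and raw.count('"') >= 2:
            value = raw[1:raw.index('"', 1)]
        else:
            value = raw                   # unquoted, e.g. the AppInit_DLLs list
        keys[current][val.group("name")] = value
    return keys


def triage(keys: Dict[str, Values]) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs for the settings worth acting on."""
    findings: List[Tuple[str, str]] = []
    for key, values in keys.items():
        k = key.lower()                   # registry key names are case-insensitive
        if k.endswith("\\policies\\system"):
            if values.get("EnableLUA") == 0:
                findings.append(("HIGH", "EnableLUA=0: UAC is off, admin users run fully elevated"))
            if values.get("ConsentPromptBehaviorAdmin") == 0:
                findings.append(("MEDIUM", "ConsentPromptBehaviorAdmin=0: elevation without any prompt"))
            if values.get("PromptOnSecureDesktop") == 0:
                findings.append(("LOW", "PromptOnSecureDesktop=0: UAC prompts are not isolated on the secure desktop"))
        elif k.endswith("\\windows nt\\currentversion\\windows"):
            dlls = str(values.get("AppInit_DLLs", "")).split()
            state = "enabled" if values.get("LoadAppInit_DLLs") == 1 else "enable flag not listed"
            for dll in dict.fromkeys(dlls):   # dedupe, keep order
                findings.append(("REVIEW", f"AppInit_DLLs ({state}) loads {dll} into every process using user32.dll, via {key}"))
        elif "\\security center\\monitoring\\" in k:
            if values.get("DisableMonitoring") == 1:
                product = key.rsplit("\\", 1)[-1]
                findings.append(("MEDIUM", f"DisableMonitoring=1 silences Security Center alerts for {product}"))
        elif k.endswith("\\currentversion\\run"):
            for name, path in values.items():
                if "\\appdata\\" in str(path).lower():
                    findings.append(("REVIEW", f"autorun '{name}' starts from user-writable path {path}"))
    return findings


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: parse a ComboFix section and triage it in one call."""
    return triage(parse_reg_section(text))


if __name__ == "__main__":
    for severity, msg in triage_log(SAMPLE_LOG):
        print(f"[{severity}] {msg}")
```

Run it against a full ComboFix log by passing the file contents instead of `SAMPLE_LOG`; the parser ignores everything outside `[HKEY_...]` blocks. The UAC findings are the ones that matter most for the situation in this thread: with `EnableLUA=0` and `ConsentPromptBehaviorAdmin=0`, anything launched from a USB shortcut under an administrator account runs with full rights and no prompt.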


Guest wrote:
Done! Here is the report:

.
.
.
.
.
.
.
– – End Of File – – 0BAB6969218F2C7CE3A16AA919A60682
A36C5E4F47E84449FF07ED3517B43A31

That was indeed me :)