Stolen Data

Bonsoir

tu aurais du me dire que windows updates ne fonctionnait plus de surcroît, j'aurais pris une autre direction

Seuls ces liens sont officiels ne pas télécharger l'outil sur d'autres liens ! Note : Pendant le scan le bureau peut disparaître à plusieurs reprises
Désactive toutes tes protections si possible, antivirus, sandbox, pare-feux ... ( Aide )
Télécharge Pre_Scan sur ton bureau !
Si le lien n'est pas fonctionnel :
#ICI (renommé winlogon)

[*]Si l'outil est bloqué par l'infection essaye avec d'autres extensions :

[*]#SCR

[*]#PIF

[*]#COM

[*]Si des Proxy sont détectés et que tu n'en as pas installé :

[*]Clique sur Supprimer le Proxy

[*]A la fin du scan, rends toi à la racine de ton disque dur ( C:\ )

[*]Héberge le rapport Pre_Scan¤¤¤¤¤¤¤¤¤.txt sur http://cjoint.com puis donne le lien

Rapport Combo Fix
ComboFix 14-08-12.01 - Larry 13/08/2014 15:33:07.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8140.4895 [GMT 2:00]
Lancé depuis: c:\users\Larry\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\programdata\ma-config.com . . . . impossible à supprimer
c:\programdata\ma-config.com\Logs\maconfservice.txt . . . . impossible à supprimer
c:\programdata\ma-config.com\Logs\websocketpp.log . . . . impossible à supprimer
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-07-13 au 2014-08-13 ))))))))))))))))))))))))))))))))))))
.
.
2014-08-13 11:15 . 2014-08-13 11:15 -------- d-----w- c:\program files (x86)\Eidos Interactive
2014-08-12 17:39 . 2014-08-12 17:39 -------- d-----w- c:\users\Larry\AppData\Local\Risen3
2014-08-12 17:06 . 2014-08-13 11:11 -------- d-----w- C:\UsbFix
2014-08-11 19:15 . 2014-08-11 19:15 -------- d-----w- c:\programdata\Avg_Update_0614i
2014-08-10 18:43 . 2014-08-10 18:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-10 18:43 . 2014-08-10 18:43 -------- d-----r- c:\program files (x86)\Skype
2014-08-10 18:42 . 2014-08-10 18:42 -------- d-----w- c:\windows\system32\MRT
2014-08-10 17:47 . 2014-08-10 17:47 512 ----a-w- C:\PhysicalMBR.bin
2014-08-10 17:32 . 2014-08-13 11:29 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-10 17:32 . 2014-08-10 17:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-10 17:32 . 2014-08-10 17:32 -------- d-----w- c:\programdata\Malwarebytes
2014-08-10 17:32 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-10 17:32 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-10 17:32 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-10 17:26 . 2014-08-10 17:27 -------- d-----w- C:\AdwCleaner
2014-08-10 17:08 . 2014-08-10 17:08 -------- d-----w- c:\users\Larry\AppData\Roaming\AVG
2014-08-10 17:08 . 2014-08-10 17:08 -------- d-----w- c:\users\Larry\AppData\Local\AVG
2014-08-10 17:08 . 2014-08-10 17:10 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-10 17:08 . 2014-08-10 17:09 -------- d-----w- c:\programdata\AVG
2014-08-07 10:21 . 2014-08-07 10:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-07 10:21 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 10:46 . 2014-08-05 10:46 -------- d-----w- c:\users\Larry\AppData\Local\CDWLauncher
2014-08-05 10:44 . 2014-08-05 10:44 -------- d-----w- c:\windows\Migration
2014-07-30 18:23 . 2014-07-30 18:23 -------- d-----w- C:\ArcheAge
2014-07-29 14:51 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-25 15:53 . 2014-07-25 16:30 -------- d-----w- c:\users\Larry\AppData\Local\Razer
2014-07-25 15:53 . 2014-07-25 16:30 -------- d-----w- c:\programdata\Razer
2014-07-23 21:48 . 2014-07-23 21:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-07-23 17:28 . 2014-07-23 17:28 -------- d-----w- c:\users\Larry\AppData\Local\Skype
2014-07-23 17:28 . 2014-08-10 18:43 -------- d-----w- c:\programdata\Skype
2014-07-18 11:56 . 2014-07-18 11:56 -------- d-----w- c:\users\Larry\AppData\Local\Glyph
2014-07-18 11:56 . 2014-07-18 11:56 -------- d-----w- c:\programdata\Glyph
2014-07-18 11:56 . 2014-08-03 16:00 -------- d-----w- c:\program files (x86)\Glyph
2014-07-17 22:07 . 2014-07-17 22:07 -------- d-----w- c:\programdata\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 13:50 . 2014-06-02 15:13 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-10-29 13:17 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-02 15:13 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-10-29 13:17 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-08 20:37 . 2013-10-01 14:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 20:37 . 2013-10-01 14:10 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-04 15:14 . 2014-07-04 15:14 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2014-07-04 15:14 . 2014-07-04 15:14 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2014-07-02 20:48 . 2014-03-11 10:29 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2013-08-19 17:58 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2013-08-19 17:58 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2013-08-19 17:58 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2013-08-19 17:58 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2013-08-19 17:58 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2013-08-19 17:58 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2013-08-19 17:58 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2013-08-19 17:59 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2013-08-19 17:59 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2013-08-19 17:59 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2013-08-19 17:59 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2013-08-19 17:59 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2013-08-19 17:59 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2013-08-19 17:59 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-30 10:43 . 2014-06-30 10:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-05-20 02:44 . 2014-05-31 16:16 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-31 16:16 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2010-08-03 09:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 09:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-18 292088]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ma-config_amd64;ma-config_amd64;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 WSDScan;Prise en charge de la numérisation WSD via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgfws;Pare-feu AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe;c:\program files\ma-config.com\MaConfigAgent.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-01 20:37]
.
2014-08-13 c:\windows\Tasks\EPSON XP-212 213 Series Invitation {D0EE2506-3B5B-46FE-8A69-CBCFF2050E0C}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-06-02 23:20]
.
2014-08-13 c:\windows\Tasks\EPSON XP-212 213 Series Update {D0EE2506-3B5B-46FE-8A69-CBCFF2050E0C}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-06-02 23:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2013-03-22 776480]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Export to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: ma-config.com
Trusted Zone: touslesdrivers.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C479A112-6A20-435F-AD57-711D1D9161D2}: NameServer = 208.67.220.220,208.67.222.222,192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-RIFT - c:\program files (x86)\RIFT\riftuninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Heure de fin: 2014-08-13 15:38:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-08-13 13:38
.
Avant-CF: 29 111 185 408 octets libres
Après-CF: 28 272 529 408 octets libres
.
- - End Of File - - 1114DB19593C9563CFA99F2072B7700D
A36C5E4F47E84449FF07ED3517B43A31

############################## | UsbFix V 7.178 | [Nettoyage]

Utilisateur: Larry (Administrateur) # LARRY-PC
Mis à jour le 08/08/2014 par El Desaparecido - SosVirus
Lancé à 19:11:57 | 12/08/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

################## | System information |

MB: MSI (Z77A-G45 (MS-7752))
CPU: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
GC: NVIDIA GeForce GTX 660 Ti
GC: NVIDIA GeForce GTX 660 Ti
RAM - [Total : 8140 Mo | Free : 6024 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 10.00.9200.16521
WB: Opera : 23.0.1522.75

################## | Security Information |

AV: AVG Internet Security 2014 [Actif |A jour]
AS: Windows Defender [(!) Désactivé |A jour]
AS: AVG Internet Security 2014 [Actif |A jour]
FW: AVG Internet Security 2014 [Actif]
AS: Malwarebytes Anti-Malware : 2.0.2.1012
FW: Windows Firewall [(!) Désactivé]
SC: Security Center [Actif]
WU: Windows Update [Actif]

################## | Disk Information |

C:\ (%SystemDrive%) - Disque fixe # 112 Go (39 Go libre(s) - 35%) [] # NTFS
D:\ - Disque fixe # 391 Go (206 Go libre(s) - 53%) [Terra] # NTFS
E:\ - Disque fixe # 541 Go (234 Go libre(s) - 43%) [Hera] # NTFS

################## | Autorun |

################## | Recherche générique |

(!) Fichiers temporaires supprimés. (0.062626838684082 MB)

################## | Registre |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
04 - [x64] HKLM\..\Run : [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
04 - [x64] HKLM\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - [x64] HKLM\..\Run : [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
04 - [x64] HKLM\..\Run : [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
04 - [x64] HKLM\..\Run : [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
04 - [x64] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | UsbFix - Information |

Info : Comment supprimer l'infection des raccourcis sur USB ? (Video)
Info : L'infection des raccourcis USB, c'est quoi ?

################## | Hijack |

################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[11/08/2014 - 11:47:15 | ASH | 8335648 Ko] - C:\pagefile.sys
[14/01/2014 - 17:28:52 | A | 0 Ko] - C:\console.log
[19/08/2013 - 19:52:02 | SHD] - C:\$Recycle.Bin
[10/08/2014 - 19:47:40 | A | 1 Ko] - C:\PhysicalMBR.bin
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[19/08/2013 - 19:51:58 | SHD] - C:\Recovery
[19/08/2013 - 20:05:52 | D] - C:\Driver_allOS
[16/09/2013 - 12:41:11 | RHD] - C:\MSOCache
[27/11/2013 - 10:38:14 | D] - C:\$AVG
[20/12/2013 - 10:25:03 | RD] - C:\Users
[20/02/2014 - 13:10:03 | D] - C:\SteamLibrary
[04/03/2014 - 18:09:16 | D] - C:\Olivetti
[30/07/2014 - 20:23:55 | D] - C:\ArcheAge
[05/08/2014 - 19:50:09 | RD] - C:\Program Files
[06/08/2014 - 13:14:03 | D] - C:\ArcheAge0
[10/08/2014 - 19:27:04 | D] - C:\AdwCleaner
[10/08/2014 - 20:41:51 | SHD] - C:\System Volume Information
[10/08/2014 - 20:43:09 | RD] - C:\Program Files (x86)
[11/08/2014 - 16:23:17 | D] - C:\Windows
[11/08/2014 - 21:15:18 | HD] - C:\ProgramData
[12/08/2014 - 19:11:52 | D] - C:\UsbFix

################## | D:\ - Disque Fixe (NTFS) |

[02/07/2014 - 13:37:14 | A | 1 Ko] - D:\Entreprises Logistique.txt
[19/08/2013 - 19:52:02 | SHD] - D:\$RECYCLE.BIN
[10/08/2014 - 19:31:18 | D] - D:\Malwarebytes Anti-Malware Premium 2.0.1.1004
[10/05/2013 - 16:47:21 | SHD] - D:\System Volume Information
[15/08/2013 - 16:53:46 | D] - D:\Update
[30/04/2014 - 15:44:10 | D] - D:\Wallpapers
[01/05/2014 - 12:09:17 | D] - D:\Programmes files
[05/08/2014 - 23:22:43 | D] - D:\Program Files (x86)
[12/08/2014 - 19:11:29 | D] - D:\1437739059

################## | E:\ - Disque Fixe (NTFS) |

[22/06/2014 - 22:45:37 | D] - E:\msdownld.tmp
[19/08/2013 - 19:52:02 | SHD] - E:\$RECYCLE.BIN
[29/06/2011 - 13:38:44 | SHD] - E:\System Volume Information
[29/02/2012 - 20:22:26 | D] - E:\$AVG
[13/07/2013 - 09:04:29 | D] - E:\Jdc
[13/07/2013 - 09:09:21 | D] - E:\Lol
[26/03/2014 - 18:08:16 | D] - E:\Software
[01/04/2014 - 18:24:52 | D] - E:\Music
[21/05/2014 - 10:24:06 | D] - E:\Series
[07/07/2014 - 16:38:40 | D] - E:\Lettres
[12/08/2014 - 19:11:44 | D] - E:\Anime

################## | Vaccin |

C:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

Merci !
J'ai déjà changé mes mots de passe,dois-je le refaire ?
Cordialement

non tu as été victime d'un enregistreur de frappes , tout ce que tu as tapé au clavier et tes mots de passe ont été volés
suite à la desinfection tu changeras tous tes mots de passe internet

Télécharge UsbFix (de El Desaparecido) sur ton Bureau !
Branche toutes vos sources de données externes à votre PC (clé USB, disque dur externe, etc...) sans les ouvrir.
Fais clic droit dessus, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
Choisis l'option Nettoyage
Copie et Colle le contenu du rapport qui apparaît à la fin du scan dans ta réponse

Re-bonjour,merci pour votre aide .
Je vous donne le rapport de suite

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Date de l'examen: 10/08/2014
Heure de l'examen: 19:33:23
Fichier journal:
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.08.10.04
Base de données Rootkits: v2014.08.04.01
Licence: Premium
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Larry

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 302205
Temps écoulé: 4 min, 5 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 0
(No malicious items detected)

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 1
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],

Fichiers: 68
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-18-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-19-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-20-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-21-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-22-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-23-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-31-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-01-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-02-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-03-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-04-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-05-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-06-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-09-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-10-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-12-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-15-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-16-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-17-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-18-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-19-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-20-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-21-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-22-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-23-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-24-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-25-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-26-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-27-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-29-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-30-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-01-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-03-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-04-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-05-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-06-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-07-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-08-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-09-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-10-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-11-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-12-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-13-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-14-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-15-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-16-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-17-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-18-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-19-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-23-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-24-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-25-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-27-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-28-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-29-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-30-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-31-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-01-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-03-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-04-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-05-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-06-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-07-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-09-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-10-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-11-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-02-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-22-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],

Secteurs physiques: 0
(No malicious items detected)

(end)

J'ai effectuer des suppressions manuelles dans le regedit,les fichiers concernant Mdscsc,mais je ne sais pas si cela suffit .

salut il aurait été judicieux de mettre le rapport de malwarebytes aussi ^^

Bonsoir,
Apres un scan Malware Bytes,j'ai découvert des Stolen Data .
Je suis donc en mode sans echec,et vous prie de m'aider a supprimer les fichiers infectés .
voici donc le résultat du scan OTL

http://pjjoint.malekal.com/files.php?id ... _h9q9r69j8

Cordialement

FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Site d’assistance et de sécurité informatique

Stolen Data

Répondre

Revue du sujet : Stolen Data Étendre la vue

Stolen Data#142180

Stolen Data#141849

Stolen Data#141725

Stolen Data#141620

Stolen Data#141499

Stolen Data#141428

Stolen Data#141389

Prob installation windows 11

Blog Marketing digital et fidélisation clients

Présentation

Refonte d’un petit site vitrine : avis sur les options simples pour un indépendant ?

Forum d'Entraide Informatique (FEI)

Nous suivre sur Twitter @forumFEI

FORUM D’ENTRAIDE INFORMATIQUE (FEI)Site d’assistance et de sécurité informatique

Répondre

Revue du sujet : Stolen Data Étendre la vue

Forum d'Entraide Informatique (FEI)

FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Site d’assistance et de sécurité informatique