FORUM D’ENTRAIDE INFORMATIQUE (FEI)
IT assistance and security site

Disinfection help (advertising pages, replaced search engine, redirections, viruses...).
Forum rules: mutual help with disinfection and IT security: in case of unwanted advertising, pop-ups, redirections, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and the staff are allowed to offer help in this section.
Please also read the forum's general charter.
by g3n-h@ckm@n
#141428
Hi, it would have been wise to post the Malwarebytes report too ^^
by aldarion90
#141499
Hello again, thanks for your help.
Here is the report right away.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Date de l'examen: 10/08/2014
Heure de l'examen: 19:33:23
Fichier journal:
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.08.10.04
Base de données Rootkits: v2014.08.04.01
Licence: Premium
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Larry

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 302205
Temps écoulé: 4 min, 5 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 0
(No malicious items detected)

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 1
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],

Fichiers: 68
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-18-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-19-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-20-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-21-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-22-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-23-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-31-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-01-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-02-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-03-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-04-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-05-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-06-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-09-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-10-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-12-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-15-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-16-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-17-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-18-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-19-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-20-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-21-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-22-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-23-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-24-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-25-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-26-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-27-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-29-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-30-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-01-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-03-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-04-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-05-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-06-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-07-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-08-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-09-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-10-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-11-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-12-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-13-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-14-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-15-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-16-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-17-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-18-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-19-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-23-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-24-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-25-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-27-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-28-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-29-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-30-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-31-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-01-6.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-03-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-04-2.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-05-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-06-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-07-5.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-09-7.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-10-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-11-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-02-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-07-22-3.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],

Secteurs physiques: 0
(No malicious items detected)


(end)


I did some manual deletions in regedit, the entries concerning Mdscsc, but I don't know whether that's enough.
by g3n-h@ckm@n
#141620
No, you were the victim of a keylogger: everything you typed on the keyboard and your passwords have been stolen.
After the disinfection, change all your internet passwords.
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
  • Right-click on it and run as administrator under Windows 7/8 and Vista
  • Choose the Nettoyage (cleaning) option
  • Copy and paste the contents of the report that appears at the end of the scan into your reply
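Added example, not part of the thread and not Malwarebytes' or UsbFix's code: a Python triage script that parses detection lines in the format of the Malwarebytes 2.x report posted above and derives from the dated .dc file names the window over which keystrokes were captured, which is what decides which credentials must be treated as exposed. It assumes the French-locale section names seen in that report; the sample log is constructed from a few of its lines.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample in the format of the Malwarebytes 2.x report posted above
# (paths and id copied from that report; only three of the 68 file lines kept).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Date de l'examen: 10/08/2014
Objets analysés: 302205

Processus: 0
(No malicious items detected)

Dossiers: 1
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],

Fichiers: 3
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-05-18-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-08-10-1.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],
Stolen.Data, C:\Users\Larry\AppData\Roaming\dclogs\2014-06-11-4.dc, Mis en quarantaine, [05e7a51f0576de58c15e0ec8ce35b34d],

Secteurs physiques: 0
(No malicious items detected)
"""

# Section headers as they appear in the French-locale report (assumption:
# other locales use other names and would need their own set).
DETECTION_SECTIONS = {
    "Processus", "Modules", "Clés du Registre", "Valeurs du Registre",
    "Données du Registre", "Dossiers", "Fichiers", "Secteurs physiques",
}
SECTION_RE = re.compile(r"^(?P<name>[^:]+): (?P<count>\d+)$")
# Detection line: <Category>, <Path>, <Action>, [<32 hex chars>],
DETECTION_RE = re.compile(
    r"^(?P<category>[\w.]+), (?P<path>.+?), (?P<action>[^,]+), "
    r"\[(?P<id>[0-9a-f]{32})\],$"
)
# Keylogger log file names in this case: YYYY-MM-DD-N.dc
DATED_LOG_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})-\d+\.dc$")


def parse_report(text):
    """Return (declared_counts, detections) parsed from a Malwarebytes 2.x report."""
    declared = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group("name") in DETECTION_SECTIONS:
            section = m.group("name")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            d = m.groupdict()
            d["section"] = section
            detections.append(d)
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose declared count differs from the lines actually parsed
    (a quick sanity check that the pasted report is complete and untruncated)."""
    parsed = Counter(d["section"] for d in detections)
    return [(s, n, parsed[s]) for s, n in declared.items() if n != parsed[s]]


def by_category(detections):
    """Number of detections per category (e.g. Stolen.Data)."""
    return Counter(d["category"] for d in detections)


def exposure_window(detections):
    """Earliest and latest date embedded in dated log file names, or None.

    The report does not list the files chronologically (see the 2014-06-11 entry
    after 2014-08-10), so min/max is used rather than first/last line."""
    dates = []
    for d in detections:
        m = DATED_LOG_RE.search(d["path"])
        if m:
            y, mo, da = (int(x) for x in m.groups())
            dates.append(date(y, mo, da))
    if not dates:
        return None
    return min(dates), max(dates)


if __name__ == "__main__":
    declared, found = parse_report(SAMPLE_LOG)
    print(by_category(found))
    print("count mismatches:", count_mismatches(declared, found))
    print("keystrokes captured between:", exposure_window(found))
```

Any account used from the machine between the two dates returned should be treated as compromised, which is why the advice above is to change every password, not only the ones noticed as misused.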
by aldarion90
#141725
############################## | UsbFix V 7.178 | [Nettoyage]

Utilisateur: Larry (Administrateur) # LARRY-PC
Mis à jour le 08/08/2014 par El Desaparecido - SosVirus
Lancé à 19:11:57 | 12/08/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

################## | System information |

MB: MSI (Z77A-G45 (MS-7752))
CPU: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
GC: NVIDIA GeForce GTX 660 Ti
GC: NVIDIA GeForce GTX 660 Ti
RAM - [Total : 8140 Mo | Free : 6024 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 10.00.9200.16521
WB: Opera : 23.0.1522.75

################## | Security Information |

AV: AVG Internet Security 2014 [Actif |A jour]
AS: Windows Defender [(!) Désactivé |A jour]
AS: AVG Internet Security 2014 [Actif |A jour]
FW: AVG Internet Security 2014 [Actif]
AS: Malwarebytes Anti-Malware : 2.0.2.1012
FW: Windows Firewall [(!) Désactivé]
SC: Security Center [Actif]
WU: Windows Update [Actif]

################## | Disk Information |

C:\ (%SystemDrive%) - Disque fixe # 112 Go (39 Go libre(s) - 35%) [] # NTFS
D:\ - Disque fixe # 391 Go (206 Go libre(s) - 53%) [Terra] # NTFS
E:\ - Disque fixe # 541 Go (234 Go libre(s) - 43%) [Hera] # NTFS

################## | Autorun |


################## | Recherche générique |


(!) Fichiers temporaires supprimés. (0.062626838684082 MB)

################## | Registre |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
04 - [x64] HKLM\..\Run : [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
04 - [x64] HKLM\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - [x64] HKLM\..\Run : [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
04 - [x64] HKLM\..\Run : [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
04 - [x64] HKLM\..\Run : [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
04 - [x64] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | UsbFix - Information |

Info : Comment supprimer l'infection des raccourcis sur USB ? (Video)
Info : L'infection des raccourcis USB, c'est quoi ?

################## | Hijack |


################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[11/08/2014 - 11:47:15 | ASH | 8335648 Ko] - C:\pagefile.sys
[14/01/2014 - 17:28:52 | A | 0 Ko] - C:\console.log
[19/08/2013 - 19:52:02 | SHD] - C:\$Recycle.Bin
[10/08/2014 - 19:47:40 | A | 1 Ko] - C:\PhysicalMBR.bin
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[19/08/2013 - 19:51:58 | SHD] - C:\Recovery
[19/08/2013 - 20:05:52 | D] - C:\Driver_allOS
[16/09/2013 - 12:41:11 | RHD] - C:\MSOCache
[27/11/2013 - 10:38:14 | D] - C:\$AVG
[20/12/2013 - 10:25:03 | RD] - C:\Users
[20/02/2014 - 13:10:03 | D] - C:\SteamLibrary
[04/03/2014 - 18:09:16 | D] - C:\Olivetti
[30/07/2014 - 20:23:55 | D] - C:\ArcheAge
[05/08/2014 - 19:50:09 | RD] - C:\Program Files
[06/08/2014 - 13:14:03 | D] - C:\ArcheAge0
[10/08/2014 - 19:27:04 | D] - C:\AdwCleaner
[10/08/2014 - 20:41:51 | SHD] - C:\System Volume Information
[10/08/2014 - 20:43:09 | RD] - C:\Program Files (x86)
[11/08/2014 - 16:23:17 | D] - C:\Windows
[11/08/2014 - 21:15:18 | HD] - C:\ProgramData
[12/08/2014 - 19:11:52 | D] - C:\UsbFix

################## | D:\ - Disque Fixe (NTFS) |

[02/07/2014 - 13:37:14 | A | 1 Ko] - D:\Entreprises Logistique.txt
[19/08/2013 - 19:52:02 | SHD] - D:\$RECYCLE.BIN
[10/08/2014 - 19:31:18 | D] - D:\Malwarebytes Anti-Malware Premium 2.0.1.1004
[10/05/2013 - 16:47:21 | SHD] - D:\System Volume Information
[15/08/2013 - 16:53:46 | D] - D:\Update
[30/04/2014 - 15:44:10 | D] - D:\Wallpapers
[01/05/2014 - 12:09:17 | D] - D:\Programmes files
[05/08/2014 - 23:22:43 | D] - D:\Program Files (x86)
[12/08/2014 - 19:11:29 | D] - D:\1437739059

################## | E:\ - Disque Fixe (NTFS) |

[22/06/2014 - 22:45:37 | D] - E:\msdownld.tmp
[19/08/2013 - 19:52:02 | SHD] - E:\$RECYCLE.BIN
[29/06/2011 - 13:38:44 | SHD] - E:\System Volume Information
[29/02/2012 - 20:22:26 | D] - E:\$AVG
[13/07/2013 - 09:04:29 | D] - E:\Jdc
[13/07/2013 - 09:09:21 | D] - E:\Lol
[26/03/2014 - 18:08:16 | D] - E:\Software
[01/04/2014 - 18:24:52 | D] - E:\Music
[21/05/2014 - 10:24:06 | D] - E:\Series
[07/07/2014 - 16:38:40 | D] - E:\Lettres
[12/08/2014 - 19:11:44 | D] - E:\Anime

################## | Vaccin |

C:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |


Thanks!
I've already changed my passwords, do I need to do it again?
Regards
by aldarion90
#141849
ComboFix report
ComboFix 14-08-12.01 - Larry 13/08/2014 15:33:07.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8140.4895 [GMT 2:00]
Lancé depuis: c:\users\Larry\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\programdata\ma-config.com . . . . impossible à supprimer
c:\programdata\ma-config.com\Logs\maconfservice.txt . . . . impossible à supprimer
c:\programdata\ma-config.com\Logs\websocketpp.log . . . . impossible à supprimer
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-07-13 au 2014-08-13 ))))))))))))))))))))))))))))))))))))
.
.
2014-08-13 11:15 . 2014-08-13 11:15 -------- d-----w- c:\program files (x86)\Eidos Interactive
2014-08-12 17:39 . 2014-08-12 17:39 -------- d-----w- c:\users\Larry\AppData\Local\Risen3
2014-08-12 17:06 . 2014-08-13 11:11 -------- d-----w- C:\UsbFix
2014-08-11 19:15 . 2014-08-11 19:15 -------- d-----w- c:\programdata\Avg_Update_0614i
2014-08-10 18:43 . 2014-08-10 18:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-10 18:43 . 2014-08-10 18:43 -------- d-----r- c:\program files (x86)\Skype
2014-08-10 18:42 . 2014-08-10 18:42 -------- d-----w- c:\windows\system32\MRT
2014-08-10 17:47 . 2014-08-10 17:47 512 ----a-w- C:\PhysicalMBR.bin
2014-08-10 17:32 . 2014-08-13 11:29 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-10 17:32 . 2014-08-10 17:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-10 17:32 . 2014-08-10 17:32 -------- d-----w- c:\programdata\Malwarebytes
2014-08-10 17:32 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-10 17:32 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-10 17:32 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-10 17:26 . 2014-08-10 17:27 -------- d-----w- C:\AdwCleaner
2014-08-10 17:08 . 2014-08-10 17:08 -------- d-----w- c:\users\Larry\AppData\Roaming\AVG
2014-08-10 17:08 . 2014-08-10 17:08 -------- d-----w- c:\users\Larry\AppData\Local\AVG
2014-08-10 17:08 . 2014-08-10 17:10 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-10 17:08 . 2014-08-10 17:09 -------- d-----w- c:\programdata\AVG
2014-08-07 10:21 . 2014-08-07 10:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-07 10:21 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 10:46 . 2014-08-05 10:46 -------- d-----w- c:\users\Larry\AppData\Local\CDWLauncher
2014-08-05 10:44 . 2014-08-05 10:44 -------- d-----w- c:\windows\Migration
2014-07-30 18:23 . 2014-07-30 18:23 -------- d-----w- C:\ArcheAge
2014-07-29 14:51 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-25 15:53 . 2014-07-25 16:30 -------- d-----w- c:\users\Larry\AppData\Local\Razer
2014-07-25 15:53 . 2014-07-25 16:30 -------- d-----w- c:\programdata\Razer
2014-07-23 21:48 . 2014-07-23 21:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-07-23 17:28 . 2014-07-23 17:28 -------- d-----w- c:\users\Larry\AppData\Local\Skype
2014-07-23 17:28 . 2014-08-10 18:43 -------- d-----w- c:\programdata\Skype
2014-07-18 11:56 . 2014-07-18 11:56 -------- d-----w- c:\users\Larry\AppData\Local\Glyph
2014-07-18 11:56 . 2014-07-18 11:56 -------- d-----w- c:\programdata\Glyph
2014-07-18 11:56 . 2014-08-03 16:00 -------- d-----w- c:\program files (x86)\Glyph
2014-07-17 22:07 . 2014-07-17 22:07 -------- d-----w- c:\programdata\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 13:50 . 2014-06-02 15:13 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-10-29 13:17 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-02 15:13 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-10-29 13:17 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-08 20:37 . 2013-10-01 14:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 20:37 . 2013-10-01 14:10 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-04 15:14 . 2014-07-04 15:14 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2014-07-04 15:14 . 2014-07-04 15:14 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2014-07-02 20:48 . 2014-03-11 10:29 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2013-08-19 17:58 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2013-08-19 17:58 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2013-08-19 17:58 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2013-08-19 17:58 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2013-08-19 17:58 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2013-08-19 17:58 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2013-08-19 17:58 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2013-08-19 17:59 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2013-08-19 17:59 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2013-08-19 17:59 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2013-08-19 17:59 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2013-08-19 17:59 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2013-08-19 17:59 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2013-08-19 17:59 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-30 10:43 . 2014-06-30 10:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-05-20 02:44 . 2014-05-31 16:16 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-31 16:16 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2010-08-03 09:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 09:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-18 292088]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ma-config_amd64;ma-config_amd64;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 WSDScan;Prise en charge de la numérisation WSD via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgfws;Pare-feu AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe;c:\program files\ma-config.com\MaConfigAgent.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-01 20:37]
.
2014-08-13 c:\windows\Tasks\EPSON XP-212 213 Series Invitation {D0EE2506-3B5B-46FE-8A69-CBCFF2050E0C}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-06-02 23:20]
.
2014-08-13 c:\windows\Tasks\EPSON XP-212 213 Series Update {D0EE2506-3B5B-46FE-8A69-CBCFF2050E0C}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-06-02 23:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2013-03-22 776480]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Export to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: ma-config.com
Trusted Zone: touslesdrivers.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C479A112-6A20-435F-AD57-711D1D9161D2}: NameServer = 208.67.220.220,208.67.222.222,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-RIFT - c:\program files (x86)\RIFT\riftuninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2014-08-13 15:38:12 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-13 13:38
.
Pre-Run: 29,111,185,408 bytes free
Post-Run: 28,272,529,408 bytes free
.
- - End Of File - - 1114DB19593C9563CFA99F2072B7700D
A36C5E4F47E84449FF07ED3517B43A31
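Before asking for yet another tool run, a practitioner would normally triage the autostart and network entries already visible in the log above. The script below is an added example written for this page; it is not ComboFix, Malwarebytes or forum code. It parses the ComboFix line shapes shown above (service/driver lines, scheduled tasks, Run-key and ImagePath values, Trusted Zone and NameServer lines) and emits review hints, not verdicts. The sample input is copied from the log above plus one constructed Run value, labelled as such, that shows what a hit looks like; the directory roots, the expected-extension list and the OpenDNS addresses are assumptions stated in the code, and the trailing `[x]` token on service lines is parsed but not interpreted.

```python
"""Triage of the autostart and network entries found in a ComboFix log.

Added example for this thread, not ComboFix, Malwarebytes or forum code.
Each hit is a review hint ('look at this next'), never a verdict.
"""
import re
from pathlib import PureWindowsPath

# Assumption: on a stock Windows 7 x64 install, autostart binaries live here.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXPECTED_EXT = {".exe", ".sys", ".dll"}
# OpenDNS resolvers. A static resolver that is neither one of these nor the
# DHCP-supplied one is the classic cause of "my searches get redirected".
KNOWN_PUBLIC_DNS = {"208.67.222.222", "208.67.220.220"}

# ComboFix line shapes seen in the log above. The trailing '[x]' on service
# lines is captured as an opaque token and not interpreted.
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);([^;]+);([^;\[]+?)\s*(\[.*\])?\s*$')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(.+\.job)$', re.I)
TASK_RE = re.compile(r'^-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([a-zA-Z]:\\[^"]*)"(?:\s*\[\d{4}-\d{2}-\d{2}\s+\d+\])?\s*$')
TRUSTED_RE = re.compile(r'^Trusted Zone:\s+(\S+)$')
DHCP_DNS_RE = re.compile(r'^TCP:\s+DhcpNameServer\s*=\s*(\S+)$')
IFACE_DNS_RE = re.compile(r'^TCP:\s+Interfaces\\\{[0-9A-Fa-f-]+\}:\s+NameServer\s*=\s*(\S+)$')

# Sample input: lines copied from the log in this thread ...
LOG_EXCERPT = r"""
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-01 20:37]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ImagePath"="c:\windows\system32\GameMon.des -service"
Trusted Zone: ma-config.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C479A112-6A20-435F-AD57-711D1D9161D2}: NameServer = 208.67.220.220,208.67.222.222,192.168.1.1
"""
# ... plus one CONSTRUCTED Run value (not in the thread's log) showing a hit
# for a binary started from a user profile directory.
CONSTRUCTED_HIT = r'"Example"="c:\users\someone\appdata\roaming\example\example.exe" [2014-08-01 12345]'
SAMPLE_LOG = LOG_EXCERPT + CONSTRUCTED_HIT + "\n"


def binary_of(command: str) -> str:
    """Drop arguments from a Run/ImagePath value. Heuristic: keep everything
    up to the first token that ends in a 2-4 character extension."""
    m = re.match(r'^"?(.*?\.[A-Za-z0-9]{2,4})"?(?:\s|$)', command.strip())
    return (m.group(1) if m else command.strip()).lower()


def check_path(path: str) -> list:
    """Reasons a helper would want to look at this binary (empty = none)."""
    p = path.lower()
    reasons = []
    if not p.startswith(STANDARD_ROOTS):
        reasons.append("binary outside Windows/Program Files")
    suffix = PureWindowsPath(p).suffix
    if suffix not in EXPECTED_EXT:
        reasons.append(f"unusual extension {suffix!r}")
    return reasons


def triage(log_text: str) -> list:
    """Walk one ComboFix log and return (severity, what, why) tuples."""
    findings, dhcp_dns, static_dns, job = [], None, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            state, name, _display, path, _native, _tail = m.groups()
            findings += [("review", f"service {name} ({state})", why) for why in check_path(path)]
        elif m := JOB_RE.match(line):
            job = PureWindowsPath(m.group(1)).name      # remembered for the '- path' line that follows
        elif m := TASK_RE.match(line):
            findings += [("review", f"task {job}", why) for why in check_path(m.group(1))]
        elif m := RUN_RE.match(line):
            name, command = m.groups()
            findings += [("review", f"registry value {name}", why) for why in check_path(binary_of(command))]
        elif m := TRUSTED_RE.match(line):
            findings.append(("info", f"Trusted Zone {m.group(1)}", "site gets relaxed IE security settings"))
        elif m := DHCP_DNS_RE.match(line):
            dhcp_dns = m.group(1)
        elif m := IFACE_DNS_RE.match(line):
            static_dns += m.group(1).split(",")
    # Static resolvers are compared against the DHCP one only after the whole
    # log is read, because the two lines can appear in either order.
    for server in static_dns:
        if server != dhcp_dns:
            sev = "info" if server in KNOWN_PUBLIC_DNS else "review"
            findings.append((sev, f"NameServer {server}", f"static resolver differs from DHCP-supplied {dhcp_dns}"))
    return findings


if __name__ == "__main__":
    for severity, what, why in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {what}: {why}")
```

On the lines copied from this log the only "review" hit is the `ImagePath` value pointing at `GameMon.des`, reported purely because `.des` is not an extension the script expects; whether that file belongs on the machine is for the owner to confirm. The Trusted Zone entry and the two static OpenDNS resolvers come out as "info": they are not malicious by themselves, but both relax or bypass a default (IE zone security, the router's DNS) and are exactly the settings worth confirming with the user when the complaint is redirections.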
by g3n-h@ckm@n
#142180
Good evening

You should also have told me that Windows Update no longer works; I would have taken a different direction.

  • Only these links are official; do not download the tool from other links! Note: during the scan the desktop may disappear several times.
  • Disable all your protections if possible: antivirus, sandbox, firewalls ... (Help)
  • Download Pre_Scan to your desktop!
  • If the link does not work:
      • #HERE (renamed winlogon)
  • If the tool is blocked by the infection, try with other extensions:
      • #SCR
      • #PIF
      • #COM
  • If proxies are detected and you have not installed any:
      • Click on "Supprimer le Proxy" (Remove the Proxy)
  • At the end of the scan, go to the root of your hard drive (C:\)
  • Upload the report Pre_Scan¤¤¤¤¤¤¤¤¤.txt to http://cjoint.com, then post the link
