C:\google\Autolt3.exe not found

Solved/Closed
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014 - 16 Jul 2014 at 23:36
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014 - 18 Jul 2014 at 18:27
Good evening,
I have been in trouble ever since my brother plugged in a USB stick infected with the vbe virus. After a scan with Malwarebytes Anti-Malware, my computer shows a window after startup saying "c:\google\Autolt3.exe" Windows cannot find the file, along with a second MS-DOS window that displays Windows Update. I don't know what to do, I really need help, please.

Here is the OTL report:

OTL logfile created on: 16/07/2014 22:15:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Administrateur\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,17 Mb Total Physical Memory | 87,77 Mb Available Physical Memory | 9,82% Memory free
2,80 Gb Paging File | 1,89 Gb Available in Paging File | 67,28% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 55,98 Gb Total Space | 8,72 Gb Free Space | 15,58% Space Free | Partition Type: NTFS
Drive D: | 55,80 Gb Total Space | 20,68 Gb Free Space | 37,07% Space Free | Partition Type: NTFS

Computer Name: MANADJA-3497EBC | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/07/16 21:08:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrateur\Mes documents\Téléchargements\OTL-.exe
PRC - [2014/07/03 23:50:40 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe
PRC - [2014/06/25 23:51:07 | 000,275,568 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/06/12 09:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) -- D:\Program Files\CyberGhost 5\Service.exe
PRC - [2014/06/12 09:02:08 | 000,404,080 | ---- | M] (CyberGhost S.R.L.) -- D:\Program Files\CyberGhost 5\CyberGhost.exe
PRC - [2014/06/09 12:50:16 | 003,731,512 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- D:\Program Files\SoftEther VPN Client\vpncmgr.exe
PRC - [2014/06/09 12:50:16 | 003,540,536 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- D:\Program Files\SoftEther VPN Client\vpnclient.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2011/11/15 05:50:22 | 000,312,376 | ---- | M] (Power Software Ltd) -- D:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/12 07:24:34 | 001,916,416 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/06/11 12:15:40 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- D:\WINDOWS\system32\S3Trayp.exe
PRC - [2006/10/05 20:56:28 | 000,280,779 | ---- | M] () -- D:\WINDOWS\VistaDrive\VistaDrive.exe
PRC - [2006/09/21 17:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\system32\VTTimer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/06/25 23:51:04 | 003,852,912 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/06/10 16:37:07 | 008,007,680 | ---- | M] () -- D:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/05/30 03:06:42 | 000,400,896 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
MOD - [2014/05/30 03:05:48 | 011,791,360 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2014/05/30 03:05:31 | 000,627,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2014/05/30 03:05:30 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2014/05/30 03:05:14 | 000,140,800 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
MOD - [2014/05/30 03:05:13 | 000,627,712 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2014/05/30 03:03:38 | 000,676,352 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
MOD - [2014/05/30 03:03:33 | 000,970,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2014/05/30 03:03:26 | 000,025,600 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2014/05/30 02:01:53 | 000,255,488 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2014/05/30 02:01:30 | 017,313,792 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\19644a754454916a619b68315e50b428\System.ServiceModel.ni.dll
MOD - [2014/05/30 01:59:28 | 002,338,304 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2014/05/30 01:59:06 | 001,056,768 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
MOD - [2014/05/30 01:58:42 | 005,449,728 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2014/05/30 01:58:18 | 012,428,800 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2014/05/30 01:57:11 | 001,587,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2014/05/30 01:55:40 | 002,294,784 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
MOD - [2014/05/30 01:52:12 | 007,867,392 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2014/05/30 01:51:55 | 011,485,184 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2014/05/30 01:50:29 | 000,499,712 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2014/05/30 01:50:17 | 000,311,296 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2014/05/30 01:50:15 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2014/05/30 01:50:12 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2014/05/30 01:46:42 | 000,303,104 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/05/30 01:46:41 | 000,261,632 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/04/30 09:53:32 | 000,032,768 | ---- | M] () -- D:\Program Files\CyberGhost 5\fr\CyberGhost.resources.dll
MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- D:\WINDOWS\system32\PrxerNsp.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- D:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/12 07:24:34 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/23 00:01:42 | 000,026,576 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vshell32.dll
MOD - [2008/03/23 00:01:40 | 000,040,400 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vuser32.dll
MOD - [2008/03/23 00:01:40 | 000,011,216 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vuxtheme.dll
MOD - [2008/03/23 00:01:36 | 000,082,384 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vntdll.dll
MOD - [2008/03/23 00:01:36 | 000,058,320 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vkernel32.dll
MOD - [2008/03/23 00:01:34 | 000,039,424 | ---- | M] () -- D:\Program Files\Alky for Applications\vshellext.dll
MOD - [2008/03/23 00:01:34 | 000,019,920 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vmsvcrt.dll
MOD - [2008/03/23 00:01:32 | 000,046,032 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vadvapi32.dll
MOD - [2008/03/23 00:01:30 | 000,047,056 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vgdiplus.dll
MOD - [2008/03/23 00:01:30 | 000,008,144 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vdwmapi.dll
MOD - [2008/03/23 00:00:36 | 000,096,208 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vcomctl32.dll
MOD - [2008/03/23 00:00:10 | 000,040,960 | ---- | M] () -- D:\Program Files\Alky for Applications\vclasses.dll
MOD - [2006/10/05 20:56:28 | 000,280,779 | ---- | M] () -- D:\WINDOWS\VistaDrive\VistaDrive.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- D:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe -- (ptservice)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/07/10 16:25:32 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 23:51:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/12 09:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- D:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV - [2014/06/09 12:50:16 | 003,540,536 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Auto | Running] -- D:\Program Files\SoftEther VPN Client\vpnclient.exe -- (SEVPNCLIENT)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/02 10:47:30 | 000,032,568 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- D:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/07/16 22:10:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/19 15:56:54 | 000,025,824 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Neo_0095.sys -- (Neo_VPN)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/16 02:45:58 | 000,032,872 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tapstrong.sys -- (tapstrong)
DRV - [2013/08/22 14:40:22 | 000,035,288 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/12/19 05:40:36 | 000,034,344 | ---- | M] (DrayTek, Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\VPPP.sys -- (VPPP)
DRV - [2011/11/15 05:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/12/16 22:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/12/16 22:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/07/11 14:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/06/06 16:38:54 | 000,201,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2003/07/02 10:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl

IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 36507331
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "https://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&gws_rd=ssl"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins

[2014/04/04 22:16:40 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2014/07/15 16:02:14 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mbjoldr7.default\extensions
[2014/06/25 23:50:48 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/25 23:51:08 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/01/12 07:24:34 | 000,000,790 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [bin_16347694874825 (3)] wscript.exe //B "D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe" File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [S3Trayp] D:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SoftEther VPN Client UI Helper] D:\Program Files\SoftEther VPN Client\vpnclient.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4 - HKLM..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKLM..\Run: [VTTimer] D:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [bin_16347694874825 (3)] wscript.exe //B "D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe" File not found
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [ClubMessenger] File not found
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [CyberGhost] D:\Program Files\CyberGhost 5\CyberGhost.EXE (CyberGhost S.R.L.)
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [OfficeSyncProcess] D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [uTorrent] D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe ()
O4 - Startup: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4 - Startup: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk = D:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O8 - Extra context menu item: &Envoyer à OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\PrxerDrv.dll (Initex)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EDBE94A-9832-451C-A2AF-BEB7CC0126E7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (TeChNi-AmEcO)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/04 15:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "D:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - D:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv41 - ir41_32.ax File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to D:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/07/16 20:44:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/07/16 20:24:04 | 000,000,000 | ---D | C] -- D:\_OTL
[2014/07/16 18:01:34 | 000,000,000 | ---D | C] -- D:\d3789a5aa6bb7c160fa1dd59
[2014/07/16 17:31:36 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2014/07/16 17:31:36 | 000,000,000 | ---D | C] -- D:\rsit
[2014/07/16 16:18:57 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/16 16:18:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware
[2014/07/16 16:18:07 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/07/16 16:18:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2014/07/16 16:18:06 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes Anti-Malware
[2014/07/16 16:18:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/07/15 06:38:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Application Data\Panda Security
[2014/07/15 06:37:06 | 000,000,000 | ---D | C] -- D:\Program Files\Panda Security
[2014/07/15 06:08:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2014/07/15 03:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/14 16:44:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Kaspersky Lab Setup Files
[2014/07/14 11:10:31 | 000,000,000 | RHSD | C] -- D:\Skypee
[2014/07/14 01:45:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Mes documents\GTA Vice City User Files
[2014/07/13 22:26:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Bureau\Grand Theft Auto Vice City Modern Mod
[2014/07/13 22:25:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Bureau\NFSMW
[2014/07/10 15:05:21 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrateur\Recent
[2014/07/07 20:47:21 | 000,000,000 | ---D | C] -- D:\Program Files\TAP-Windows
[2014/07/07 20:47:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\TAP-Windows
[2014/07/07 20:47:20 | 000,000,000 | ---D | C] -- D:\Program Files\OpenVPN
[2014/07/07 20:47:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenVPN
[2014/07/07 20:45:14 | 000,000,000 | ---D | C] -- D:\Program Files\OpenVPN Technologies
[2014/07/07 03:25:43 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrateur\IECompatCache
[2014/06/28 03:05:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities
[2014/06/25 23:50:47 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2014/06/18 03:01:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2014/06/18 03:01:51 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2014/06/17 15:45:30 | 000,032,872 | ---- | C] (The OpenVPN Project) -- D:\WINDOWS\System32\drivers\tapstrong.sys
[2014/06/17 15:35:42 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ReinstallBackups
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/07/16 22:19:17 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/16 22:18:37 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin
[2014/07/16 22:10:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/16 21:56:51 | 000,001,068 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/16 21:56:48 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2014/07/16 21:56:47 | 937,676,800 | -HS- | M] () -- D:\hiberfil.sys
[2014/07/16 21:41:07 | 000,001,072 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/16 20:46:44 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2014/07/16 20:46:16 | 000,002,324 | ---- | M] () -- D:\WINDOWS\epplauncher.mif
[2014/07/16 16:18:12 | 000,000,777 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014/07/16 02:40:50 | 000,104,448 | ---- | M] () -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/15 16:03:53 | 000,272,576 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/15 07:07:53 | 000,000,539 | ---- | M] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk
[2014/07/15 07:07:52 | 000,000,655 | ---- | M] () -- D:\Program Files\Program Files.lnk
[2014/07/15 07:07:52 | 000,000,637 | ---- | M] () -- D:\WINDOWS\WINDOWS.lnk
[2014/07/15 00:29:39 | 000,263,868 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\N'GUESSAN EMILE.pdf
[2014/07/14 12:56:19 | 000,014,787 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\photo 007.jpg
[2014/07/14 12:46:16 | 000,010,942 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 006.JPG
[2014/07/14 12:26:07 | 000,012,249 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 005.jpg
[2014/07/14 12:01:23 | 000,002,561 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\Microsoft Word 2010.lnk
[2014/07/10 15:36:58 | 000,002,265 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Skype.lnk
[2014/07/07 20:21:20 | 000,539,288 | ---- | M] () -- D:\WINDOWS\System32\perfh00C.dat
[2014/07/07 20:21:20 | 000,469,722 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2014/07/07 20:21:20 | 000,088,110 | ---- | M] () -- D:\WINDOWS\System32\perfc00C.dat
[2014/07/07 20:21:20 | 000,074,056 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2014/07/01 14:54:46 | 000,001,598 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\CyberGhost 5.lnk
[2014/07/01 14:54:46 | 000,000,738 | ---- | M] () -- D:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk
[2014/06/23 20:06:01 | 000,001,024 | ---- | M] () -- D:\Documents and Settings\Administrateur\.rnd
[2014/06/18 03:01:55 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/07/16 21:55:05 | 002,451,768 | -HS- | C] () -- D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe
[2014/07/16 21:32:30 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin
[2014/07/16 16:18:12 | 000,000,777 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014/07/16 15:48:50 | 000,002,324 | ---- | C] () -- D:\WINDOWS\epplauncher.mif
[2014/07/15 00:29:37 | 000,263,868 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\N'GUESSAN EMILE.pdf
[2014/07/14 20:39:42 | 000,280,822 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/07/14 12:56:18 | 000,014,787 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\photo 007.jpg
[2014/07/14 12:46:16 | 000,010,942 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 006.JPG
[2014/07/14 12:26:07 | 000,012,249 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 005.jpg
[2014/07/14 11:36:46 | 002,451,768 | -HS- | C] () -- D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe
[2014/07/14 11:10:32 | 000,000,655 | ---- | C] () -- D:\Program Files\Program Files.lnk
[2014/07/14 11:10:32 | 000,000,637 | ---- | C] () -- D:\WINDOWS\WINDOWS.lnk
[2014/07/14 11:10:27 | 000,542,969 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 002.jpg
[2014/07/14 11:10:24 | 000,000,539 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk
[2014/07/10 21:01:35 | 000,272,576 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2014/06/18 03:01:54 | 000,000,682 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2014/05/30 03:18:04 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\Administrateur\.rnd
[2014/05/30 01:48:57 | 000,002,272 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/05/29 20:06:22 | 000,056,424 | ---- | C] () -- D:\WINDOWS\System32\PrxerNsp.dll
[2014/05/29 11:48:59 | 000,118,784 | ---- | C] () -- D:\WINDOWS\System32\NetDiagnosis.dll
[2014/04/04 21:32:50 | 000,104,448 | ---- | C] () -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/04 16:10:37 | 000,004,205 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2014/04/04 16:10:17 | 000,602,112 | ---- | C] () -- D:\WINDOWS\notepad.exe
[2014/04/04 16:04:26 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2014/04/04 15:37:36 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2014/04/04 15:35:02 | 000,031,232 | ---- | C] () -- D:\WINDOWS\System32\cmdow.exe
[2014/04/04 15:33:30 | 000,000,320 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2014/04/04 15:30:47 | 000,021,892 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2014/03/16 13:49:33 | 000,000,219 | -H-- | C] () -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\CacheConfig.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2014/05/30 01:46:34 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/01/12 07:24:34 | 002,121,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\fastprox.dll -- [2010/01/12 07:24:34 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\wbemess.dll -- [2010/01/12 07:24:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014/05/20 02:35:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop
[2014/05/20 02:35:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/05/29 11:49:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Cyberoam
[2014/05/19 15:04:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\DMCache
[2014/05/29 20:10:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\EurekaLog
[2014/06/12 00:45:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Eusing
[2014/07/15 00:29:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Foxit Software
[2014/07/15 16:00:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Panda Security
[2014/05/29 20:06:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Proxifier
[2014/04/10 10:59:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2014/07/16 22:22:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\uTorrent
[2014/07/15 04:21:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/15 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2014/06/15 11:05:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Foxit Software
[2014/06/14 21:31:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Foxit Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2014/05/20 02:20:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2014/07/15 04:21:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/16 16:18:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/07/16 15:04:36 | 000,000,000 | --SD | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2014/06/13 12:51:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014/04/04 22:16:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Mozilla
[2014/07/15 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2014/05/22 09:03:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Skype
[2014/07/16 20:44:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.dll /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014/05/20 02:20:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Adobe
[2014/05/20 02:35:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop
[2014/05/20 02:35:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/05/29 11:49:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Cyberoam
[2014/05/19 15:04:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\DMCache
[2014/06/16 13:36:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\dvdcss
[2014/05/29 20:10:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\EurekaLog
[2014/06/12 00:45:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Eusing
[2014/07/15 00:29:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Foxit Software
[2014/04/04 15:39:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Identities
[2014/04/05 10:39:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Macromedia
[2014/07/14 12:58:22 | 000,000,000 | --SD | M] -- D:\Documents and Settings\Administrateur\Application Data\Microsoft
[2014/04/04 22:16:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Mozilla
[2014/07/15 16:00:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Panda Security
[2014/05/29 20:06:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Proxifier
[2014/07/16 20:21:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Skype
[2014/04/10 10:59:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2014/07/16 22:22:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\uTorrent
[2014/07/16 00:47:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\vlc
[2014/04/10 10:58:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\WinRAR

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2014/05/20 02:19:15 | 000,000,000 | ---D | M] -- D:\Program Files\Adobe
[2014/04/04 15:32:41 | 000,000,000 | ---D | M] -- D:\Program Files\Alky for Applications
[2014/07/02 13:19:29 | 000,000,000 | ---D | M] -- D:\Program Files\CCleaner
[2014/04/04 15:30:40 | 000,000,000 | ---D | M] -- D:\Program Files\ComPlus Applications
[2014/07/01 14:55:42 | 000,000,000 | ---D | M] -- D:\Program Files\CyberGhost 5
[2014/05/29 11:54:06 | 000,000,000 | ---D | M] -- D:\Program Files\Cyberoam
[2014/05/29 20:10:53 | 000,000,000 | ---D | M] -- D:\Program Files\delight software gmbh
[2014/07/07 20:44:11 | 000,000,000 | ---D | M] -- D:\Program Files\DrayTek
[2014/06/12 02:11:51 | 000,000,000 | ---D | M] -- D:\Program Files\DsNET Corp
[2014/06/10 16:37:07 | 000,000,000 | ---D | M] -- D:\Program Files\Fichiers communs
[2014/06/14 21:30:41 | 000,000,000 | ---D | M] -- D:\Program Files\Foxit Software
[2014/05/19 14:53:08 | 000,000,000 | ---D | M] -- D:\Program Files\Google
[2014/05/30 03:11:54 | 000,000,000 | ---D | M] -- D:\Program Files\Internet Explorer
[2014/07/16 16:18:11 | 000,000,000 | ---D | M] -- D:\Program Files\Malwarebytes Anti-Malware
[

17 replies

¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
18 Jul 2014 at 15:29
Hello alain,

Run OTL again.
Under Personnalisation (Custom Scan), copy and paste the contents of the box below (be sure to include :OTL at the beginning).
Click Correction (Fix); a report will appear. Copy and paste its contents here:


:OTL

:files
D:\Program Files\Program Files.lnk
D:\WINDOWS\WINDOWS.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk

:Commands
[emptytemp]
[emptyflash]
[reboot]

Restart the PC into Windows and post the report in your next reply.
The report is saved under C:\_OTL\MovedFiles\date_heure.log
1
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
Edited by ¡El Desaparecido! on 16/07/2014 at 23:46
Hello,

Welcome to CCM.

It's a worm.autoit (a worm); it spreads via removable media (USB sticks, SD cards, ...)

To remove it:

# Download UsbFix to your Desktop.
# If your antivirus shows an alert, ignore it and temporarily disable the antivirus.

# Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
# Double-click UsbFix.exe.

# Click Options; in the BBCode menu, choose CCM.
# Confirm by clicking Appliquer (Apply).
# UsbFix will restart to take your settings into account.
# Now click Nettoyage (Clean).


# Let the tool work; your desktop will not be accessible during the cleaning phase, which is normal.

# At the end of the scan a report will be displayed; post it in your next reply on the forum.
# The report is also saved at the root of the system drive.
(C:\Usbfix\Log\UsbFix [Clean ...txt).
(CTRL+A to select, CTRL+C to copy and CTRL+V to paste)
# ->> Illustrated tutorial (help) on the author's site.

Information about the infection: http://www.sosvirus.net/googleupdate-a3x-autoit-t87408.html

Developer: UsbFix ## Webmaster: SosVirus
As Birdy says -> People help the people
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
17 Jul 2014 at 01:19
Thank you for your replies.
Here is the link to the OTL report: https://pjjoint.malekal.com/files.php?id=20140717_o10h11s9u7k8
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
17 Jul 2014 at 09:47
Hello,

The UsbFix report is missing.
0

alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
17 Jul 2014 at 14:26
Sorry to ask you this, but what should I do, please?
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
17 Jul 2014 at 14:28
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
17 Jul 2014 at 14:54
Here is the UsbFix report:
[b]############################## | UsbFix V 7.175 | [Nettoyage][/b]

Utilisateur: Administrateur (Administrateur) # MANADJA-3497EBC
Mis à jour le 11/07/2014 par El Desaparecido - SosVirus
Lancé à 14:41:53 | 17/07/2014

Site Web : [url=http://www.usbfix.net/]https://www.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]https://www.usb-antivirus.com/fr/maj/[/url]
Assistance : [url=http://www.sosvirus.net/forum-virus-securite.html]https://depannageinformatique.org/acheter/reservation/?f=6[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.usbfix.net/contact/]https://www.usb-antivirus.com/fr/contact/[/url]

[b]################## | System information |[/b]

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
RAM -> [Total : 894 Mo | Free : 313 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Google Chrome : 35.0.1916.153
WB: Mozilla Firefox : 30.0

[b]################## | Security Information |[/b]

AS: Malwarebytes Anti-Malware : 1.0.0.532
FW: Windows Firewall [Actif]
SC: Security Center [[b](!) Désactivé[/b]]
WU: Windows Update [Actif]

[b]################## | Disk Information |[/b]

C:\ -> Disque fixe # 56 Go (9 Go libre(s) - 16%) [] # NTFS
D:\ (%SystemDrive%) -> Disque fixe # 56 Go (23 Go libre(s) - 41%) [] # NTFS

[b]################## | Processus Stoppés |[/b]

D:\WINDOWS\system32\spoolsv.exe (ID: 352|ParentID: 1796|SYSTEM)
D:\WINDOWS\explorer.exe (ID: 200|ParentID: 1856|Administrateur)
D:\WINDOWS\system32\VTTimer.exe (ID: 408|ParentID: 200|Administrateur)
D:\WINDOWS\system32\S3Trayp.exe (ID: 416|ParentID: 200|Administrateur)
D:\WINDOWS\VistaDrive\VistaDrive.exe (ID: 448|ParentID: 200|Administrateur)
D:\Program Files\PowerISO\PWRISOVM.EXE (ID: 460|ParentID: 200|Administrateur)
D:\Program Files\SoftEther VPN Client\vpnclient.exe (ID: 464|ParentID: 200|Administrateur)
D:\WINDOWS\system32\wscript.exe (ID: 492|ParentID: 200|Administrateur)
D:\Program Files\AVG\AVG2014\avgui.exe (ID: 500|ParentID: 200|Administrateur)
D:\WINDOWS\system32\ctfmon.exe (ID: 496|ParentID: 200|Administrateur)
D:\Program Files\Windows Sidebar\sidebar.exe (ID: 580|ParentID: 200|Administrateur)
D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe (ID: 588|ParentID: 200|Administrateur)
D:\Program Files\Skype\Phone\Skype.exe (ID: 1280|ParentID: 200|Administrateur)
D:\Program Files\AVG\AVG2014\avgfws.exe (ID: 196|ParentID: 1796|SYSTEM)
D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (ID: 772|ParentID: 200|Administrateur)
D:\Program Files\AVG\AVG2014\avgwdsvc.exe (ID: 548|ParentID: 1796|SYSTEM)
D:\Program Files\SoftEther VPN Client\vpncmgr.exe (ID: 948|ParentID: 200|Administrateur)
D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2524|ParentID: 1796|SYSTEM)
D:\Program Files\SoftEther VPN Client\vpnclient.exe (ID: 1336|ParentID: 1796|SYSTEM)
D:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 2180|ParentID: 3544|Administrateur)
D:\Program Files\CyberGhost 5\Service.exe (ID: 2192|ParentID: 1796|SYSTEM)
D:\WINDOWS\system32\alg.exe (ID: 280|ParentID: 1796|SERVICE LOCAL)
D:\Program Files\Windows Sidebar\sidebar.exe (ID: 2536|ParentID: 580|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3216|ParentID: 200|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3488|ParentID: 3216|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4056|ParentID: 3216|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3920|ParentID: 3216|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4280|ParentID: 3216|Administrateur)
D:\Program Files\Mozilla Firefox\firefox.exe (ID: 576|ParentID: 200|Administrateur)
D:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 3308|ParentID: 576|Administrateur)
D:\WINDOWS\explorer.exe (ID: 1024|ParentID: 200|Administrateur)

[b]################## | Autorun |[/b]


[b]################## | Recherche générique |[/b]

Supprimé! D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe
Supprimé! D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe
Supprimé! C:\INFO\Desktop.ini
Supprimé! C:\Thumbs.db
Supprimé! D:\Skypee\AutoIt3.exe
Supprimé! D:\Skypee\Google.lnk
Supprimé! D:\Skypee\GoogleUpdate.lnk
Supprimé! D:\Skypee\Skypee.lnk
Supprimé! D:\Skypee
Supprimé! D:\_OTL\MovedFiles\07162014_215440\D_Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe

(!) Fichiers temporaires supprimés.

[b]################## | Registre |[/b]

Supprimé! HKU\S-1-5-21-776561741-57989841-1614895754-500\Software\Microsoft\Windows\CurrentVersion\Run|bin_16347694874825 (3)
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|bin_16347694874825 (3)

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] D:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [uTorrent] "D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [CyberGhost] "D:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
04 - HKCU\..\Run : [OfficeSyncProcess] "D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKLM\..\Run : [VTTimer] VTTimer.exe
04 - HKLM\..\Run : [S3Trayp] S3trayp.exe
04 - HKLM\..\Run : [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
04 - HKLM\..\Run : [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\..\Run : [SoftEther VPN Client UI Helper] "D:\Program Files\SoftEther VPN Client\vpnclient.exe" /uihelp
04 - HKLM\..\Run : [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [AVG_UI] "D:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [uTorrent] "D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [CyberGhost] "D:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [OfficeSyncProcess] "D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-19\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[b]################## | C:\ - Disque Fixe (NTFS) |[/b]

[15/07/2014 - 07:48:51 | D] - C:\Person.of.Interest.S01-FRENCH.BDRiP.XViD-SODAPOP
[15/07/2014 - 07:48:33 | D] - C:\Nikita.S01.FRENCH.DVDRip.XviD-JMT
[15/07/2014 - 00:29:55 | N | 2 Ko] - C:\FoxitReaderUpdateInfo.txt
[04/04/2014 - 15:32:27 | N | 0 Ko] - C:\CONFIG.SYS
[04/04/2014 - 15:32:27 | RASH | 0 Ko] - C:\MSDOS.SYS
[04/04/2014 - 15:32:27 | RASH | 0 Ko] - C:\IO.SYS
[04/04/2014 - 15:14:20 | SH | 0 Ko] - C:\boot.ini
[15/07/2014 - 07:49:07 | D] - C:\Person.Of.Interest.S02.FRENCH
[12/01/2010 - 07:24:34 | N | 46 Ko | [url=https://www.virustotal.com/file/8f7186a71684dd114e89cc908ed9400192bc3a47fb288cce4c5c27d0f5d3afa4/analysis/1405559978/]VirusTotal[/url] - (0/53)] - C:\NTDETECT.COM
[12/01/2010 - 07:24:34 | N | 5 Ko] - C:\Bootfont.bin
[14/07/2014 - 11:10:30 | SHD] - C:\$RECYCLE.BIN
[04/04/2014 - 15:32:27 | A | 0 Ko] - C:\AUTOEXEC.BAT
[12/01/2010 - 07:24:34 | RASH | 246 Ko] - C:\ntldr
[14/07/2014 - 11:10:31 | SHD] - C:\RECYCLER
[15/07/2014 - 07:47:06 | D] - C:\Mes vidéos
[15/07/2014 - 07:47:20 | D] - C:\mddrrrrr
[15/07/2014 - 07:47:48 | D] - C:\Homeland
[15/07/2014 - 07:48:03 | D] - C:\LAETY
[15/07/2014 - 07:48:13 | D] - C:\Magic System - Africainement Vôtre 2014 Maxx
[15/07/2014 - 07:49:14 | D] - C:\The Bible
[15/07/2014 - 07:49:21 | D] - C:\WINDOWS
[16/07/2014 - 22:13:13 | SHD] - C:\System Volume Information
[17/07/2014 - 14:46:38 | D] - C:\INFO

[b]################## | D:\ %SystemDrive% - Disque Fixe (NTFS) |[/b]

[17/07/2014 - 14:03:15 | ASH | 2095104 Ko] - D:\pagefile.sys
[17/07/2014 - 14:03:16 | ASH | 915700 Ko] - D:\hiberfil.sys
[17/07/2014 - 03:56:19 | D] - D:\Config.Msi
[17/07/2014 - 00:59:14 | N | 1 Ko] - D:\BDWizReg.log
[01/04/2008 - 17:37:53 | N | 4 Ko] - D:\DriverPack_Sound_A_wnt5_x86-32.ini
[12/04/2008 - 11:47:12 | | 3 Ko] - D:\DriverPack_Sound_B_wnt5_x86-32.ini
[28/12/2008 - 20:46:35 | N | 1 Ko] - D:\DriverPack_LAN_wnt5_x86-32.ini
[07/01/2009 - 23:44:38 | | 110 Ko] - D:\DriverPack_MassStorage_wnt5_x86-32.ini
[06/02/2009 - 05:05:08 | | 1 Ko] - D:\DriverPack_Chipset_wnt5_x86-32.ini
[11/12/2009 - 00:33:14 | N | 5 Ko] - D:\DriverPack_Graphics_B_wnt5_x86-32.ini
[11/12/2009 - 23:45:27 | N | 7 Ko] - D:\DriverPack_Graphics_C_wnt5_x86-32.ini
[12/12/2009 - 00:23:00 | N | 0 Ko] - D:\DriverPack_CPU_wnt5_x86-32.ini
[16/12/2009 - 18:20:32 | N | 8 Ko] - D:\DriverPack_Graphics_A_wnt5_x86-32.ini
[12/01/2010 - 07:24:34 | N | 1 Ko] - D:\DPSFNSHR.INI
[27/01/2009 - 10:17:19 | N | 55 Ko | [url=https://www.virustotal.com/file/5f9b898315ad8192e87e21a499fd87d31b886513bb39d368476174aaa89a2bf9/analysis/1405522469/]VirusTotal[/url] - (0/54)] - D:\devcon.exe
[27/01/2009 - 10:17:19 | N | 21 Ko | [url=https://www.virustotal.com/file/36e8e5ddd28fc3b7be797e1836cecca84557560db1c0790fc55f5e35b82973bc/analysis/1403003432/]VirusTotal[/url] - ([color=#FF0000]3[/color]/[color=#FF0000]54[/color])] - D:\makePNF.exe
[27/01/2009 - 10:17:19 | N | 135 Ko | [url=https://www.virustotal.com/file/4b453c1ba35625ab44bc7f7196e6331e883866d42562dfe0c0bec1aa37149792/analysis/1404506065/]VirusTotal[/url] - ([color=#FF0000]4[/color]/[color=#FF0000]54[/color])] - D:\mute.exe
[11/06/2009 - 01:00:33 | N | 316 Ko | [url=https://www.virustotal.com/file/4c8ef69b28033381b90e7dd7e8c956e3c22352c2e837fa7e168bf079a2525561/analysis/1392908872/]VirusTotal[/url] - ([color=#FF0000]1[/color]/[color=#FF0000]48[/color])] - D:\DPsFnshr.exe
[11/06/2009 - 01:00:36 | N | 273 Ko | [url=https://www.virustotal.com/file/79444fded41672ad9bd94268441d9f0af354f61ea43c56632e57f11fd413e140/analysis/1404397615/]VirusTotal[/url] - ([color=#FF0000]2[/color]/[color=#FF0000]54[/color])] - D:\DSPdsblr.exe
[11/06/2009 - 01:00:40 | N | 264 Ko | [url=https://www.virustotal.com/file/391dc70ab2b2ac1206e14e5d061415fb390578d9e9c68a6dcaaab178908e0596/analysis/1397744288/]VirusTotal[/url] - ([color=#FF0000]1[/color]/[color=#FF0000]51[/color])] - D:\pmtimer.exe
[16/07/2014 - 22:18:37 | N | 1 Ko] - D:\PhysicalMBR.bin
[14/07/2014 - 11:10:31 | D] - D:\105ec424949e3f2cea
[14/07/2014 - 11:10:31 | D] - D:\D
[14/07/2014 - 11:10:31 | D] - D:\Documents and Settings
[14/07/2014 - 11:10:32 | RHD] - D:\MSOCache
[14/07/2014 - 11:10:32 | SHD] - D:\RECYCLER
[16/07/2014 - 17:32:09 | D] - D:\rsit
[16/07/2014 - 19:12:43 | D] - D:\d3789a5aa6bb7c160fa1dd59
[16/07/2014 - 20:24:04 | D] - D:\_OTL
[16/07/2014 - 21:32:13 | SHD] - D:\System Volume Information
[17/07/2014 - 03:53:37 | D] - D:\Program Files
[17/07/2014 - 03:54:16 | D] - D:\$AVG
[17/07/2014 - 08:43:45 | D] - D:\WINDOWS
[17/07/2014 - 14:38:36 | D] - D:\UsbFix

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.usbfix.net/]https://www.usbfix.net/[/url] |[/b]
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
17 Jul 2014 at 15:22
# Download ZHPDiag by Nicolas Coolman and save it to your Desktop.

# Install the software.
# On Windows Vista and Windows 7, launch the file by right-click -> Run as administrator.
# Don't forget to tick the box that puts a shortcut on the Desktop.

# The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.
# Double-click ZHPDiag to run it.

# Click "Complet" (Full).
# Wait until the scan shows 100%.

-> http://upload.sosvirus.net/images/2014/04/16/ZHPDiagc82cd.png

# The report is saved on the Desktop.
# Close ZHPDiag.

# Host and send a report.

# Go to SosUpload.
# Click "Parcourir" (Browse) and find the ZHPDiag report on your Desktop.
# Then click "Envoyer le fichier" (Send the file).
# You will get a download link for the report.
# Post that link in your next reply, please.

0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
17 Jul 2014 at 15:52
Here is the link: http://upload.sosvirus.net/www/?a=d&i=gbVCH4DPGo

Thanks a lot
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
Edited by ¡El Desaparecido! on 17/07/2014 at 16:19
Where does your problem stand? :

So, I've been in trouble since my brother plugged in a USB stick infected with the vbe virus; after a scan with Malwarebytes Anti-Malware, my computer shows, in a window after startup, "c:\google\Autolt3.exe" Windows cannot find the file, along with a second MS-DOS window that displays Windows Update. I don't know what to do, I really need help, please.

Don't download from Softonic (any more); they offer repackaged software loaded with adware in their downloads.

# Download AdwCleaner by Xplode to your Desktop.
# Run AdwCleaner.exe.

# Right-click it and run as administrator on Windows 7/8 and Vista
# Choose the "Scanner" (Scan) option
# Choose the "Nettoyer" (Clean) option
# Accept the warning by clicking OK



# Once the scan is finished, a report will open. Post its contents in your next reply.
# The report is also saved as C:\AdwCleaner[S1].txt

Developer: UsbFix ## Webmaster: SosVirus
As Birdy says -> People help the people
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
17 Jul 2014 at 18:19
Sorry, but still at the same point!!! I'm running the scan with AdwCleaner
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
17 Jul 2014 at 18:37
Here is the report

# AdwCleaner v3.215 - Rapport créé le 17/07/2014 à 18:23:13
# Mis à jour le 09/07/2014 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Administrateur - MANADJA-3497EBC
# Exécuté depuis : D:\Documents and Settings\Administrateur\Mes documents\Téléchargements\adwcleaner_3.215.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Valeur Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Toolbar Cleaner\ToolbarCleaner.exe]
Clé Supprimée : HKCU\Software\PrivitizeVPNInstallDates
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\StartSearch
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (fr)

[ Fichier : D:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mbjoldr7.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Fichier : D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1788 octets] - [17/07/2014 18:20:11]
AdwCleaner[S0].txt - [1717 octets] - [17/07/2014 18:23:13]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [1777 octets] ##########

but I still have the same problem
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
17 Jul 2014 at 20:13
Hi again,

Sorry, I was tied up :(

Can you run another OTL scan and send me the new report, hosted, please?

Enjoy your meal :)
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
18 Jul 2014 at 13:29
Hello,
here is the link to the OTL report: https://pjjoint.malekal.com/files.php?id=20140718_h5l14z8f9p9
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
18 Jul 2014 at 16:46
Here is the report:
All processes killed
========== OTL ==========
========== FILES ==========
D:\Program Files\Program Files.lnk moved successfully.
D:\WINDOWS\WINDOWS.lnk moved successfully.
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 39385629 bytes
->Temporary Internet Files folder emptied: 6467140 bytes
->FireFox cache emptied: 25313058 bytes
->Google Chrome cache emptied: 292783972 bytes
->Flash cache emptied: 61527 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 260225 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2693120 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19472141 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23997 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 369,00 mb


[EMPTYFLASH]

User: Administrateur
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07182014_162422

Files\Folders moved on Reboot...
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmp73.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmp83.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmp93.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmpA9.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmpBD.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmpCF.tmp not found!
D:\WINDOWS\temp\VPN_71FC\9218E5A4.dll moved successfully.
D:\WINDOWS\temp\VPN_71FC\VPN_Lock.dat moved successfully.
File\Folder D:\WINDOWS\temp\VPN_369B\VPN_Lock.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thank you very much for your help, the problem has been solved.
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
18 Jul 2014 at 17:01
You're welcome, Alain, and have a good weekend :)

To remove the disinfection tools that were used:

Download DelFix by Xplode to your Desktop.

Launch DelFix (run as administrator on Windows 7/8 and Vista)
Tick the following boxes:

"Supprimer les outils de désinfection" (Remove disinfection tools)
"Purger la restauration système" (Purge system restore)

See you
0
alainfeguier Posts 10 Registration date Wednesday 16 July 2014 Status Member Last activity 18 July 2014
18 Jul 2014 at 18:27
OK, no problem, a thousand thanks
0