C:\google\Autolt3.exe not found [Solved/Closed]

Posts: 10 | Registered: Wednesday 16 July 2014 | Status: Member | Last activity: 18 July 2014
Good evening,

I have been in trouble ever since my brother plugged in a USB stick infected with the VBE virus. After a scan with Malwarebytes Anti-Malware, my computer shows a window after startup saying that Windows cannot find the file "c:\google\Autolt3.exe", along with a second MS-DOS window that displays "Windows Update". I don't know what to do; I really need help, please.

Here is the OTL report:

OTL logfile created on: 16/07/2014 22:15:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Administrateur\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,17 Mb Total Physical Memory | 87,77 Mb Available Physical Memory | 9,82% Memory free
2,80 Gb Paging File | 1,89 Gb Available in Paging File | 67,28% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 55,98 Gb Total Space | 8,72 Gb Free Space | 15,58% Space Free | Partition Type: NTFS
Drive D: | 55,80 Gb Total Space | 20,68 Gb Free Space | 37,07% Space Free | Partition Type: NTFS

Computer Name: MANADJA-3497EBC | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/16 21:08:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrateur\Mes documents\Téléchargements\OTL-.exe
PRC - [2014/07/03 23:50:40 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe
PRC - [2014/06/25 23:51:07 | 000,275,568 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/06/12 09:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) -- D:\Program Files\CyberGhost 5\Service.exe
PRC - [2014/06/12 09:02:08 | 000,404,080 | ---- | M] (CyberGhost S.R.L.) -- D:\Program Files\CyberGhost 5\CyberGhost.exe
PRC - [2014/06/09 12:50:16 | 003,731,512 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- D:\Program Files\SoftEther VPN Client\vpncmgr.exe
PRC - [2014/06/09 12:50:16 | 003,540,536 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- D:\Program Files\SoftEther VPN Client\vpnclient.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2011/11/15 05:50:22 | 000,312,376 | ---- | M] (Power Software Ltd) -- D:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/12 07:24:34 | 001,916,416 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/06/11 12:15:40 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- D:\WINDOWS\system32\S3Trayp.exe
PRC - [2006/10/05 20:56:28 | 000,280,779 | ---- | M] () -- D:\WINDOWS\VistaDrive\VistaDrive.exe
PRC - [2006/09/21 17:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\system32\VTTimer.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/25 23:51:04 | 003,852,912 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/06/10 16:37:07 | 008,007,680 | ---- | M] () -- D:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/05/30 03:06:42 | 000,400,896 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
MOD - [2014/05/30 03:05:48 | 011,791,360 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2014/05/30 03:05:31 | 000,627,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2014/05/30 03:05:30 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2014/05/30 03:05:14 | 000,140,800 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
MOD - [2014/05/30 03:05:13 | 000,627,712 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2014/05/30 03:03:38 | 000,676,352 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
MOD - [2014/05/30 03:03:33 | 000,970,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2014/05/30 03:03:26 | 000,025,600 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2014/05/30 02:01:53 | 000,255,488 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2014/05/30 02:01:30 | 017,313,792 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\19644a754454916a619b68315e50b428\System.ServiceModel.ni.dll
MOD - [2014/05/30 01:59:28 | 002,338,304 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2014/05/30 01:59:06 | 001,056,768 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
MOD - [2014/05/30 01:58:42 | 005,449,728 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2014/05/30 01:58:18 | 012,428,800 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2014/05/30 01:57:11 | 001,587,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2014/05/30 01:55:40 | 002,294,784 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
MOD - [2014/05/30 01:52:12 | 007,867,392 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2014/05/30 01:51:55 | 011,485,184 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2014/05/30 01:50:29 | 000,499,712 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2014/05/30 01:50:17 | 000,311,296 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2014/05/30 01:50:15 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2014/05/30 01:50:12 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2014/05/30 01:46:42 | 000,303,104 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/05/30 01:46:41 | 000,261,632 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/04/30 09:53:32 | 000,032,768 | ---- | M] () -- D:\Program Files\CyberGhost 5\fr\CyberGhost.resources.dll
MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- D:\WINDOWS\system32\PrxerNsp.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- D:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/12 07:24:34 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/23 00:01:42 | 000,026,576 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vshell32.dll
MOD - [2008/03/23 00:01:40 | 000,040,400 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vuser32.dll
MOD - [2008/03/23 00:01:40 | 000,011,216 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vuxtheme.dll
MOD - [2008/03/23 00:01:36 | 000,082,384 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vntdll.dll
MOD - [2008/03/23 00:01:36 | 000,058,320 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vkernel32.dll
MOD - [2008/03/23 00:01:34 | 000,039,424 | ---- | M] () -- D:\Program Files\Alky for Applications\vshellext.dll
MOD - [2008/03/23 00:01:34 | 000,019,920 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vmsvcrt.dll
MOD - [2008/03/23 00:01:32 | 000,046,032 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vadvapi32.dll
MOD - [2008/03/23 00:01:30 | 000,047,056 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vgdiplus.dll
MOD - [2008/03/23 00:01:30 | 000,008,144 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vdwmapi.dll
MOD - [2008/03/23 00:00:36 | 000,096,208 | ---- | M] () -- D:\Program Files\Alky for Applications\Libraries\vcomctl32.dll
MOD - [2008/03/23 00:00:10 | 000,040,960 | ---- | M] () -- D:\Program Files\Alky for Applications\vclasses.dll
MOD - [2006/10/05 20:56:28 | 000,280,779 | ---- | M] () -- D:\WINDOWS\VistaDrive\VistaDrive.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- D:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe -- (ptservice)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/07/10 16:25:32 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 23:51:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/12 09:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- D:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV - [2014/06/09 12:50:16 | 003,540,536 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Auto | Running] -- D:\Program Files\SoftEther VPN Client\vpnclient.exe -- (SEVPNCLIENT)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/02 10:47:30 | 000,032,568 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- D:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/07/16 22:10:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/19 15:56:54 | 000,025,824 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Neo_0095.sys -- (Neo_VPN)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/16 02:45:58 | 000,032,872 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tapstrong.sys -- (tapstrong)
DRV - [2013/08/22 14:40:22 | 000,035,288 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/12/19 05:40:36 | 000,034,344 | ---- | M] (DrayTek, Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\VPPP.sys -- (VPPP)
DRV - [2011/11/15 05:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/12/16 22:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/12/16 22:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/07/11 14:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/06/06 16:38:54 | 000,201,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2003/07/02 10:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl

IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 36507331
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-776561741-57989841-1614895754-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "https://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&gws_rd=ssl"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins

[2014/04/04 22:16:40 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2014/07/15 16:02:14 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mbjoldr7.default\extensions
[2014/06/25 23:50:48 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/25 23:51:08 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/01/12 07:24:34 | 000,000,790 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [bin_16347694874825 (3)] wscript.exe //B "D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe" File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [S3Trayp] D:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SoftEther VPN Client UI Helper] D:\Program Files\SoftEther VPN Client\vpnclient.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4 - HKLM..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKLM..\Run: [VTTimer] D:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [bin_16347694874825 (3)] wscript.exe //B "D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe" File not found
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [ClubMessenger] File not found
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [CyberGhost] D:\Program Files\CyberGhost 5\CyberGhost.EXE (CyberGhost S.R.L.)
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [OfficeSyncProcess] D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-776561741-57989841-1614895754-500..\Run: [uTorrent] D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe ()
O4 - Startup: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4 - Startup: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk = D:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-776561741-57989841-1614895754-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O8 - Extra context menu item: &Envoyer à OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\PrxerDrv.dll (Initex)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EDBE94A-9832-451C-A2AF-BEB7CC0126E7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (TeChNi-AmEcO)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/04 15:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "D:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - D:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv41 - ir41_32.ax File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to D:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/07/16 20:44:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/07/16 20:24:04 | 000,000,000 | ---D | C] -- D:\_OTL
[2014/07/16 18:01:34 | 000,000,000 | ---D | C] -- D:\d3789a5aa6bb7c160fa1dd59
[2014/07/16 17:31:36 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2014/07/16 17:31:36 | 000,000,000 | ---D | C] -- D:\rsit
[2014/07/16 16:18:57 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/16 16:18:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware
[2014/07/16 16:18:07 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/07/16 16:18:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2014/07/16 16:18:06 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes Anti-Malware
[2014/07/16 16:18:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/07/15 06:38:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Application Data\Panda Security
[2014/07/15 06:37:06 | 000,000,000 | ---D | C] -- D:\Program Files\Panda Security
[2014/07/15 06:08:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2014/07/15 03:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/14 16:44:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Kaspersky Lab Setup Files
[2014/07/14 11:10:31 | 000,000,000 | RHSD | C] -- D:\Skypee
[2014/07/14 01:45:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Mes documents\GTA Vice City User Files
[2014/07/13 22:26:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Bureau\Grand Theft Auto Vice City Modern Mod
[2014/07/13 22:25:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Bureau\NFSMW
[2014/07/10 15:05:21 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrateur\Recent
[2014/07/07 20:47:21 | 000,000,000 | ---D | C] -- D:\Program Files\TAP-Windows
[2014/07/07 20:47:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\TAP-Windows
[2014/07/07 20:47:20 | 000,000,000 | ---D | C] -- D:\Program Files\OpenVPN
[2014/07/07 20:47:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenVPN
[2014/07/07 20:45:14 | 000,000,000 | ---D | C] -- D:\Program Files\OpenVPN Technologies
[2014/07/07 03:25:43 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrateur\IECompatCache
[2014/06/28 03:05:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities
[2014/06/25 23:50:47 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2014/06/18 03:01:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2014/06/18 03:01:51 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2014/06/17 15:45:30 | 000,032,872 | ---- | C] (The OpenVPN Project) -- D:\WINDOWS\System32\drivers\tapstrong.sys
[2014/06/17 15:35:42 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ReinstallBackups
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/07/16 22:19:17 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/16 22:18:37 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin
[2014/07/16 22:10:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/16 21:56:51 | 000,001,068 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/16 21:56:48 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2014/07/16 21:56:47 | 937,676,800 | -HS- | M] () -- D:\hiberfil.sys
[2014/07/16 21:41:07 | 000,001,072 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/16 20:46:44 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2014/07/16 20:46:16 | 000,002,324 | ---- | M] () -- D:\WINDOWS\epplauncher.mif
[2014/07/16 16:18:12 | 000,000,777 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014/07/16 02:40:50 | 000,104,448 | ---- | M] () -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/15 16:03:53 | 000,272,576 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/15 07:07:53 | 000,000,539 | ---- | M] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk
[2014/07/15 07:07:52 | 000,000,655 | ---- | M] () -- D:\Program Files\Program Files.lnk
[2014/07/15 07:07:52 | 000,000,637 | ---- | M] () -- D:\WINDOWS\WINDOWS.lnk
[2014/07/15 00:29:39 | 000,263,868 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\N'GUESSAN EMILE.pdf
[2014/07/14 12:56:19 | 000,014,787 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\photo 007.jpg
[2014/07/14 12:46:16 | 000,010,942 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 006.JPG
[2014/07/14 12:26:07 | 000,012,249 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 005.jpg
[2014/07/14 12:01:23 | 000,002,561 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\Microsoft Word 2010.lnk
[2014/07/10 15:36:58 | 000,002,265 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Skype.lnk
[2014/07/07 20:21:20 | 000,539,288 | ---- | M] () -- D:\WINDOWS\System32\perfh00C.dat
[2014/07/07 20:21:20 | 000,469,722 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2014/07/07 20:21:20 | 000,088,110 | ---- | M] () -- D:\WINDOWS\System32\perfc00C.dat
[2014/07/07 20:21:20 | 000,074,056 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2014/07/01 14:54:46 | 000,001,598 | ---- | M] () -- D:\Documents and Settings\Administrateur\Bureau\CyberGhost 5.lnk
[2014/07/01 14:54:46 | 000,000,738 | ---- | M] () -- D:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk
[2014/06/23 20:06:01 | 000,001,024 | ---- | M] () -- D:\Documents and Settings\Administrateur\.rnd
[2014/06/18 03:01:55 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/07/16 21:55:05 | 002,451,768 | -HS- | C] () -- D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe
[2014/07/16 21:32:30 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin
[2014/07/16 16:18:12 | 000,000,777 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014/07/16 15:48:50 | 000,002,324 | ---- | C] () -- D:\WINDOWS\epplauncher.mif
[2014/07/15 00:29:37 | 000,263,868 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\N'GUESSAN EMILE.pdf
[2014/07/14 20:39:42 | 000,280,822 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/07/14 12:56:18 | 000,014,787 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\photo 007.jpg
[2014/07/14 12:46:16 | 000,010,942 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 006.JPG
[2014/07/14 12:26:07 | 000,012,249 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 005.jpg
[2014/07/14 11:36:46 | 002,451,768 | -HS- | C] () -- D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe
[2014/07/14 11:10:32 | 000,000,655 | ---- | C] () -- D:\Program Files\Program Files.lnk
[2014/07/14 11:10:32 | 000,000,637 | ---- | C] () -- D:\WINDOWS\WINDOWS.lnk
[2014/07/14 11:10:27 | 000,542,969 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\Photo 002.jpg
[2014/07/14 11:10:24 | 000,000,539 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk
[2014/07/10 21:01:35 | 000,272,576 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2014/06/18 03:01:54 | 000,000,682 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2014/05/30 03:18:04 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\Administrateur\.rnd
[2014/05/30 01:48:57 | 000,002,272 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/05/29 20:06:22 | 000,056,424 | ---- | C] () -- D:\WINDOWS\System32\PrxerNsp.dll
[2014/05/29 11:48:59 | 000,118,784 | ---- | C] () -- D:\WINDOWS\System32\NetDiagnosis.dll
[2014/04/04 21:32:50 | 000,104,448 | ---- | C] () -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/04 16:10:37 | 000,004,205 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2014/04/04 16:10:17 | 000,602,112 | ---- | C] () -- D:\WINDOWS\notepad.exe
[2014/04/04 16:04:26 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2014/04/04 15:37:36 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2014/04/04 15:35:02 | 000,031,232 | ---- | C] () -- D:\WINDOWS\System32\cmdow.exe
[2014/04/04 15:33:30 | 000,000,320 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2014/04/04 15:30:47 | 000,021,892 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2014/03/16 13:49:33 | 000,000,219 | -H-- | C] () -- D:\Documents and Settings\Administrateur\Local Settings\Application Data\CacheConfig.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2014/05/30 01:46:34 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/01/12 07:24:34 | 002,121,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\fastprox.dll -- [2010/01/12 07:24:34 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\wbemess.dll -- [2010/01/12 07:24:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014/05/20 02:35:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop
[2014/05/20 02:35:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/05/29 11:49:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Cyberoam
[2014/05/19 15:04:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\DMCache
[2014/05/29 20:10:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\EurekaLog
[2014/06/12 00:45:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Eusing
[2014/07/15 00:29:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Foxit Software
[2014/07/15 16:00:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Panda Security
[2014/05/29 20:06:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Proxifier
[2014/04/10 10:59:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2014/07/16 22:22:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\uTorrent
[2014/07/15 04:21:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/15 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2014/06/15 11:05:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Foxit Software
[2014/06/14 21:31:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Foxit Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2014/05/20 02:20:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2014/07/15 04:21:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/16 16:18:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/07/16 15:04:36 | 000,000,000 | --SD | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2014/06/13 12:51:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014/04/04 22:16:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Mozilla
[2014/07/15 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2014/05/22 09:03:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Skype
[2014/07/16 20:44:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.dll /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014/05/20 02:20:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Adobe
[2014/05/20 02:35:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop
[2014/05/20 02:35:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/05/29 11:49:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Cyberoam
[2014/05/19 15:04:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\DMCache
[2014/06/16 13:36:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\dvdcss
[2014/05/29 20:10:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\EurekaLog
[2014/06/12 00:45:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Eusing
[2014/07/15 00:29:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Foxit Software
[2014/04/04 15:39:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Identities
[2014/04/05 10:39:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Macromedia
[2014/07/14 12:58:22 | 000,000,000 | --SD | M] -- D:\Documents and Settings\Administrateur\Application Data\Microsoft
[2014/04/04 22:16:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Mozilla
[2014/07/15 16:00:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Panda Security
[2014/05/29 20:06:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Proxifier
[2014/07/16 20:21:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Skype
[2014/04/10 10:59:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2014/07/16 22:22:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\uTorrent
[2014/07/16 00:47:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\vlc
[2014/04/10 10:58:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\WinRAR

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2014/05/20 02:19:15 | 000,000,000 | ---D | M] -- D:\Program Files\Adobe
[2014/04/04 15:32:41 | 000,000,000 | ---D | M] -- D:\Program Files\Alky for Applications
[2014/07/02 13:19:29 | 000,000,000 | ---D | M] -- D:\Program Files\CCleaner
[2014/04/04 15:30:40 | 000,000,000 | ---D | M] -- D:\Program Files\ComPlus Applications
[2014/07/01 14:55:42 | 000,000,000 | ---D | M] -- D:\Program Files\CyberGhost 5
[2014/05/29 11:54:06 | 000,000,000 | ---D | M] -- D:\Program Files\Cyberoam
[2014/05/29 20:10:53 | 000,000,000 | ---D | M] -- D:\Program Files\delight software gmbh
[2014/07/07 20:44:11 | 000,000,000 | ---D | M] -- D:\Program Files\DrayTek
[2014/06/12 02:11:51 | 000,000,000 | ---D | M] -- D:\Program Files\DsNET Corp
[2014/06/10 16:37:07 | 000,000,000 | ---D | M] -- D:\Program Files\Fichiers communs
[2014/06/14 21:30:41 | 000,000,000 | ---D | M] -- D:\Program Files\Foxit Software
[2014/05/19 14:53:08 | 000,000,000 | ---D | M] -- D:\Program Files\Google
[2014/05/30 03:11:54 | 000,000,000 | ---D | M] -- D:\Program Files\Internet Explorer
[2014/07/16 16:18:11 | 000,000,000 | ---D | M] -- D:\Program Files\Malwarebytes Anti-Malware
[

17 replies

Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
Hello alain,

Run OTL again.
Under Personnalisation (Custom Scan), copy and paste the contents of the box below (be sure to include :OTL at the start).
Click Correction (Fix); a report will appear. Copy and paste its contents here:


:OTL

:files
D:\Program Files\Program Files.lnk
D:\WINDOWS\WINDOWS.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk

:Commands
[emptytemp]
[emptyflash]
[reboot]

Restart the PC into Windows and post the report in your next reply.
The report is saved under C:\_OTL\MovedFiles\date_heure.log

Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
Hello,

Welcome to CCM.

It is a worm.autoit (a worm); it spreads via removable media (USB sticks, SD cards, ...)

To remove it:

# Download UsbFix to your Desktop.
# If your antivirus shows an alert, ignore it and temporarily disable the antivirus.

# Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
# Double-click UsbFix.exe.

# Click Options, and in the BBCode menu choose CCM.
# Confirm by clicking Appliquer (Apply).
# UsbFix will restart to take your settings into account.
# Now click Nettoyage (Clean).


# Let the tool work; your desktop will not be accessible during the cleaning phase, which is normal.

# At the end of the scan, a report will be displayed; post it in your next reply on the forum.
# The report is also saved at the root of the system drive.
(C:\Usbfix\Log\UsbFix [Clean ...txt).
( CTRL+A to select, CTRL+C to copy and CTRL+V to paste )
# ->> Tutorial (help) with images on the author's site.

Info on the infection: http://www.sosvirus.net/googleupdate-a3x-autoit-t87408.html

Developer: UsbFix ## Webmaster: SosVirus
As Birdy says -> People help the people
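
A triage pass over the OTL file entries posted above, as an added example that is not part of the thread and is not OTL's or UsbFix's own logic. The four heuristics (Startup-folder autostart, hidden+system script, identical script copies, shortcut named after its parent folder) and the names `triage` and `SAMPLE_LOG` are assumptions made for this illustration; the sample lines are copied from the report on this page.

```python
import ntpath
import re
from collections import defaultdict

# Entries copied from the OTL report on this page
# ("Files Created - No Company Name" section).
SAMPLE_LOG = r"""
[2014/07/16 21:55:05 | 002,451,768 | -HS- | C] () -- D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe
[2014/07/14 12:56:18 | 000,014,787 | ---- | C] () -- D:\Documents and Settings\Administrateur\Bureau\photo 007.jpg
[2014/07/14 11:36:46 | 002,451,768 | -HS- | C] () -- D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe
[2014/07/14 11:10:32 | 000,000,655 | ---- | C] () -- D:\Program Files\Program Files.lnk
[2014/07/14 11:10:32 | 000,000,637 | ---- | C] () -- D:\WINDOWS\WINDOWS.lnk
[2014/07/14 11:10:24 | 000,000,539 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk
[2014/06/18 03:01:54 | 000,000,682 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2014/04/04 16:10:17 | 000,602,112 | ---- | C] () -- D:\WINDOWS\notepad.exe
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
ENTRY = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf"}
# French and English names of the per-user / all-users Startup folder.
STARTUP_DIRS = ("\\démarrage\\", "\\startup\\")


def parse(log_text):
    """Return one record per distinct path (a file can be listed twice by OTL)."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = m["path"].strip()
        entries[path.lower()] = {
            "path": path,
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
        }
    return list(entries.values())


def triage(log_text):
    """Map each suspicious path to the list of heuristics it matched."""
    entries = parse(log_text)

    # Group by (file name, size) to spot the same file dropped in several places.
    copies = defaultdict(set)
    for e in entries:
        copies[(ntpath.basename(e["path"]).lower(), e["size"])].add(e["path"])

    findings = {}
    for e in entries:
        low = e["path"].lower()
        name = ntpath.basename(low)
        stem, ext = ntpath.splitext(name)
        parent = ntpath.basename(ntpath.dirname(low))
        reasons = []

        if ext in SCRIPT_EXTS | {".lnk"} and any(d in low for d in STARTUP_DIRS):
            reasons.append("autostart: script or shortcut in a Startup folder")
        if ext in SCRIPT_EXTS and "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("script file marked hidden + system")
        if ext in SCRIPT_EXTS and len(copies[(name, e["size"])]) > 1:
            reasons.append("same script (name and size) present in several folders")
        if ext == ".lnk" and stem == parent:
            reasons.append("shortcut named after the folder that contains it")

        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample lines this flags the two copies of the `.vbe` file and the three `.lnk` files listed in the OTL fix above, and leaves `CCleaner.lnk`, `notepad.exe` and the photo unflagged.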
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Thanks for your replies.
Here is the link to the OTL report: https://pjjoint.malekal.com/files.php?id=20140717_o10h11s9u7k8
Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
Hello,

The UsbFix report is missing.
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Sorry to ask, but what should I do, please?
Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Here is the UsbFix report
[b]############################## | UsbFix V 7.175 | [Nettoyage][/b]

Utilisateur: Administrateur (Administrateur) # MANADJA-3497EBC
Mis à jour le 11/07/2014 par El Desaparecido - SosVirus
Lancé à 14:41:53 | 17/07/2014

Site Web : [url=http://www.usbfix.net/]https://www.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]https://www.usb-antivirus.com/fr/maj/[/url]
Assistance : [url=http://www.sosvirus.net/forum-virus-securite.html]https://www.sosvirus.net/depannages-informatique/viewforum.php?f=6[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.usbfix.net/contact/]https://www.usb-antivirus.com/fr/contact/[/url]

[b]################## | System information |[/b]

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
RAM -> [Total : 894 Mo | Free : 313 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Google Chrome : 35.0.1916.153
WB: Mozilla Firefox : 30.0

[b]################## | Security Information |[/b]

AS: Malwarebytes Anti-Malware : 1.0.0.532
FW: Windows Firewall [Actif]
SC: Security Center [[b](!) Désactivé[/b]]
WU: Windows Update [Actif]

[b]################## | Disk Information |[/b]

C:\ -> Disque fixe # 56 Go (9 Go libre(s) - 16%) [] # NTFS
D:\ (%SystemDrive%) -> Disque fixe # 56 Go (23 Go libre(s) - 41%) [] # NTFS

[b]################## | Processus Stoppés |[/b]

D:\WINDOWS\system32\spoolsv.exe (ID: 352|ParentID: 1796|SYSTEM)
D:\WINDOWS\explorer.exe (ID: 200|ParentID: 1856|Administrateur)
D:\WINDOWS\system32\VTTimer.exe (ID: 408|ParentID: 200|Administrateur)
D:\WINDOWS\system32\S3Trayp.exe (ID: 416|ParentID: 200|Administrateur)
D:\WINDOWS\VistaDrive\VistaDrive.exe (ID: 448|ParentID: 200|Administrateur)
D:\Program Files\PowerISO\PWRISOVM.EXE (ID: 460|ParentID: 200|Administrateur)
D:\Program Files\SoftEther VPN Client\vpnclient.exe (ID: 464|ParentID: 200|Administrateur)
D:\WINDOWS\system32\wscript.exe (ID: 492|ParentID: 200|Administrateur)
D:\Program Files\AVG\AVG2014\avgui.exe (ID: 500|ParentID: 200|Administrateur)
D:\WINDOWS\system32\ctfmon.exe (ID: 496|ParentID: 200|Administrateur)
D:\Program Files\Windows Sidebar\sidebar.exe (ID: 580|ParentID: 200|Administrateur)
D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe (ID: 588|ParentID: 200|Administrateur)
D:\Program Files\Skype\Phone\Skype.exe (ID: 1280|ParentID: 200|Administrateur)
D:\Program Files\AVG\AVG2014\avgfws.exe (ID: 196|ParentID: 1796|SYSTEM)
D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (ID: 772|ParentID: 200|Administrateur)
D:\Program Files\AVG\AVG2014\avgwdsvc.exe (ID: 548|ParentID: 1796|SYSTEM)
D:\Program Files\SoftEther VPN Client\vpncmgr.exe (ID: 948|ParentID: 200|Administrateur)
D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2524|ParentID: 1796|SYSTEM)
D:\Program Files\SoftEther VPN Client\vpnclient.exe (ID: 1336|ParentID: 1796|SYSTEM)
D:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 2180|ParentID: 3544|Administrateur)
D:\Program Files\CyberGhost 5\Service.exe (ID: 2192|ParentID: 1796|SYSTEM)
D:\WINDOWS\system32\alg.exe (ID: 280|ParentID: 1796|SERVICE LOCAL)
D:\Program Files\Windows Sidebar\sidebar.exe (ID: 2536|ParentID: 580|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3216|ParentID: 200|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3488|ParentID: 3216|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4056|ParentID: 3216|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3920|ParentID: 3216|Administrateur)
D:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4280|ParentID: 3216|Administrateur)
D:\Program Files\Mozilla Firefox\firefox.exe (ID: 576|ParentID: 200|Administrateur)
D:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 3308|ParentID: 576|Administrateur)
D:\WINDOWS\explorer.exe (ID: 1024|ParentID: 200|Administrateur)

[b]################## | Autorun |[/b]


[b]################## | Recherche générique |[/b]

Supprimé! D:\Documents and Settings\Administrateur\Application Data\bin_16347694874825 (3).vbe
Supprimé! D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe
Supprimé! C:\INFO\Desktop.ini
Supprimé! C:\Thumbs.db
Supprimé! D:\Skypee\AutoIt3.exe
Supprimé! D:\Skypee\Google.lnk
Supprimé! D:\Skypee\GoogleUpdate.lnk
Supprimé! D:\Skypee\Skypee.lnk
Supprimé! D:\Skypee
Supprimé! D:\_OTL\MovedFiles\07162014_215440\D_Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\bin_16347694874825 (3).vbe

(!) Fichiers temporaires supprimés.

[b]################## | Registre |[/b]

Supprimé! HKU\S-1-5-21-776561741-57989841-1614895754-500\Software\Microsoft\Windows\CurrentVersion\Run|bin_16347694874825 (3)
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|bin_16347694874825 (3)

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] D:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [uTorrent] "D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [CyberGhost] "D:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
04 - HKCU\..\Run : [OfficeSyncProcess] "D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKLM\..\Run : [VTTimer] VTTimer.exe
04 - HKLM\..\Run : [S3Trayp] S3trayp.exe
04 - HKLM\..\Run : [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
04 - HKLM\..\Run : [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\..\Run : [SoftEther VPN Client UI Helper] "D:\Program Files\SoftEther VPN Client\vpnclient.exe" /uihelp
04 - HKLM\..\Run : [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [AVG_UI] "D:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [uTorrent] "D:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [CyberGhost] "D:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
04 - HKU\S-1-5-21-776561741-57989841-1614895754-500\..\Run : [OfficeSyncProcess] "D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-19\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[b]################## | C:\ - Disque Fixe (NTFS) |[/b]

[15/07/2014 - 07:48:51 | D] - C:\Person.of.Interest.S01-FRENCH.BDRiP.XViD-SODAPOP
[15/07/2014 - 07:48:33 | D] - C:\Nikita.S01.FRENCH.DVDRip.XviD-JMT
[15/07/2014 - 00:29:55 | N | 2 Ko] - C:\FoxitReaderUpdateInfo.txt
[04/04/2014 - 15:32:27 | N | 0 Ko] - C:\CONFIG.SYS
[04/04/2014 - 15:32:27 | RASH | 0 Ko] - C:\MSDOS.SYS
[04/04/2014 - 15:32:27 | RASH | 0 Ko] - C:\IO.SYS
[04/04/2014 - 15:14:20 | SH | 0 Ko] - C:\boot.ini
[15/07/2014 - 07:49:07 | D] - C:\Person.Of.Interest.S02.FRENCH
[12/01/2010 - 07:24:34 | N | 46 Ko | [url=https://www.virustotal.com/file/8f7186a71684dd114e89cc908ed9400192bc3a47fb288cce4c5c27d0f5d3afa4/analysis/1405559978/]VirusTotal[/url] - (0/53)] - C:\NTDETECT.COM
[12/01/2010 - 07:24:34 | N | 5 Ko] - C:\Bootfont.bin
[14/07/2014 - 11:10:30 | SHD] - C:\$RECYCLE.BIN
[04/04/2014 - 15:32:27 | A | 0 Ko] - C:\AUTOEXEC.BAT
[12/01/2010 - 07:24:34 | RASH | 246 Ko] - C:\ntldr
[14/07/2014 - 11:10:31 | SHD] - C:\RECYCLER
[15/07/2014 - 07:47:06 | D] - C:\Mes vidéos
[15/07/2014 - 07:47:20 | D] - C:\mddrrrrr
[15/07/2014 - 07:47:48 | D] - C:\Homeland
[15/07/2014 - 07:48:03 | D] - C:\LAETY
[15/07/2014 - 07:48:13 | D] - C:\Magic System - Africainement Vôtre 2014 Maxx
[15/07/2014 - 07:49:14 | D] - C:\The Bible
[15/07/2014 - 07:49:21 | D] - C:\WINDOWS
[16/07/2014 - 22:13:13 | SHD] - C:\System Volume Information
[17/07/2014 - 14:46:38 | D] - C:\INFO

[b]################## | D:\ %SystemDrive% - Disque Fixe (NTFS) |[/b]

[17/07/2014 - 14:03:15 | ASH | 2095104 Ko] - D:\pagefile.sys
[17/07/2014 - 14:03:16 | ASH | 915700 Ko] - D:\hiberfil.sys
[17/07/2014 - 03:56:19 | D] - D:\Config.Msi
[17/07/2014 - 00:59:14 | N | 1 Ko] - D:\BDWizReg.log
[01/04/2008 - 17:37:53 | N | 4 Ko] - D:\DriverPack_Sound_A_wnt5_x86-32.ini
[12/04/2008 - 11:47:12 | | 3 Ko] - D:\DriverPack_Sound_B_wnt5_x86-32.ini
[28/12/2008 - 20:46:35 | N | 1 Ko] - D:\DriverPack_LAN_wnt5_x86-32.ini
[07/01/2009 - 23:44:38 | | 110 Ko] - D:\DriverPack_MassStorage_wnt5_x86-32.ini
[06/02/2009 - 05:05:08 | | 1 Ko] - D:\DriverPack_Chipset_wnt5_x86-32.ini
[11/12/2009 - 00:33:14 | N | 5 Ko] - D:\DriverPack_Graphics_B_wnt5_x86-32.ini
[11/12/2009 - 23:45:27 | N | 7 Ko] - D:\DriverPack_Graphics_C_wnt5_x86-32.ini
[12/12/2009 - 00:23:00 | N | 0 Ko] - D:\DriverPack_CPU_wnt5_x86-32.ini
[16/12/2009 - 18:20:32 | N | 8 Ko] - D:\DriverPack_Graphics_A_wnt5_x86-32.ini
[12/01/2010 - 07:24:34 | N | 1 Ko] - D:\DPSFNSHR.INI
[27/01/2009 - 10:17:19 | N | 55 Ko | [url=https://www.virustotal.com/file/5f9b898315ad8192e87e21a499fd87d31b886513bb39d368476174aaa89a2bf9/analysis/1405522469/]VirusTotal[/url] - (0/54)] - D:\devcon.exe
[27/01/2009 - 10:17:19 | N | 21 Ko | [url=https://www.virustotal.com/file/36e8e5ddd28fc3b7be797e1836cecca84557560db1c0790fc55f5e35b82973bc/analysis/1403003432/]VirusTotal[/url] - ([color=#FF0000]3[/color]/[color=#FF0000]54[/color])] - D:\makePNF.exe
[27/01/2009 - 10:17:19 | N | 135 Ko | [url=https://www.virustotal.com/file/4b453c1ba35625ab44bc7f7196e6331e883866d42562dfe0c0bec1aa37149792/analysis/1404506065/]VirusTotal[/url] - ([color=#FF0000]4[/color]/[color=#FF0000]54[/color])] - D:\mute.exe
[11/06/2009 - 01:00:33 | N | 316 Ko | [url=https://www.virustotal.com/file/4c8ef69b28033381b90e7dd7e8c956e3c22352c2e837fa7e168bf079a2525561/analysis/1392908872/]VirusTotal[/url] - ([color=#FF0000]1[/color]/[color=#FF0000]48[/color])] - D:\DPsFnshr.exe
[11/06/2009 - 01:00:36 | N | 273 Ko | [url=https://www.virustotal.com/file/79444fded41672ad9bd94268441d9f0af354f61ea43c56632e57f11fd413e140/analysis/1404397615/]VirusTotal[/url] - ([color=#FF0000]2[/color]/[color=#FF0000]54[/color])] - D:\DSPdsblr.exe
[11/06/2009 - 01:00:40 | N | 264 Ko | [url=https://www.virustotal.com/file/391dc70ab2b2ac1206e14e5d061415fb390578d9e9c68a6dcaaab178908e0596/analysis/1397744288/]VirusTotal[/url] - ([color=#FF0000]1[/color]/[color=#FF0000]51[/color])] - D:\pmtimer.exe
[16/07/2014 - 22:18:37 | N | 1 Ko] - D:\PhysicalMBR.bin
[14/07/2014 - 11:10:31 | D] - D:\105ec424949e3f2cea
[14/07/2014 - 11:10:31 | D] - D:\D
[14/07/2014 - 11:10:31 | D] - D:\Documents and Settings
[14/07/2014 - 11:10:32 | RHD] - D:\MSOCache
[14/07/2014 - 11:10:32 | SHD] - D:\RECYCLER
[16/07/2014 - 17:32:09 | D] - D:\rsit
[16/07/2014 - 19:12:43 | D] - D:\d3789a5aa6bb7c160fa1dd59
[16/07/2014 - 20:24:04 | D] - D:\_OTL
[16/07/2014 - 21:32:13 | SHD] - D:\System Volume Information
[17/07/2014 - 03:53:37 | D] - D:\Program Files
[17/07/2014 - 03:54:16 | D] - D:\$AVG
[17/07/2014 - 08:43:45 | D] - D:\WINDOWS
[17/07/2014 - 14:38:36 | D] - D:\UsbFix

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.usbfix.net/]https://www.usbfix.net/[/url] |[/b]
Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
# Download ZHPDiag by Nicolas Coolman and save it to your Desktop.

# Install the software.
# On Windows Vista and Windows 7, launch the file with right-click -> Run as administrator.
# Don't forget to tick the box that puts a shortcut on the Desktop.

# The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.
# Double-click ZHPDiag to run it.

# Click Complet (Full).
# Wait until the scan shows 100%.

-> http://upload.sosvirus.net/images/2014/04/16/ZHPDiagc82cd.png

# The report is saved on the Desktop.
# Close ZHPDiag.

# Hosting and sending a report.

# Go to SosUpload.
# Click Parcourir (Browse) and find the ZHPDiag report on your Desktop.
# Then click Envoyer le fichier (Send the file).
# You will get a download link for the report.
# Please send that link in your next reply.

Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Here is the link: http://upload.sosvirus.net/www/?a=d&i=gbVCH4DPGo

Thanks a lot
Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
Where do things stand with your problem?:

So, I've been struggling ever since my brother plugged in a USB stick infected with the vbe virus. After a scan with Malwarebytes Anti-Malware, my computer shows a window after startup saying "c:\google\Autolt3.exe" Windows cannot find the file, along with a second MS-DOS window that shows Windows Update. I don't know what to do, I really need help, please.

Don't download from Softonic (any more); they offer repackaged software stuffed with adware in their downloads.

# Download AdwCleaner by Xplode to your Desktop.
# Run AdwCleaner.exe.

# Right-click it and choose Run as administrator on Windows 7/8 and Vista.
# Choose the Scanner (Scan) option.
# Choose the Nettoyer (Clean) option.
# Accept the warning by clicking OK.

# Once the scan is finished, a report will open. Post its contents in your next reply.
# The report is also saved as C:\AdwCleaner[S1].txt

Developer: UsbFix ## Webmaster: SosVirus
As Birdy says -> People help the people
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Sorry, but still at the same point!!! I'm running the scan with AdwCleaner
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Here is the report

# AdwCleaner v3.215 - Rapport créé le 17/07/2014 à 18:23:13
# Mis à jour le 09/07/2014 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Administrateur - MANADJA-3497EBC
# Exécuté depuis : D:\Documents and Settings\Administrateur\Mes documents\Téléchargements\adwcleaner_3.215.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Valeur Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Toolbar Cleaner\ToolbarCleaner.exe]
Clé Supprimée : HKCU\Software\PrivitizeVPNInstallDates
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\StartSearch
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (fr)

[ Fichier : D:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mbjoldr7.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Fichier : D:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1788 octets] - [17/07/2014 18:20:11]
AdwCleaner[S0].txt - [1717 octets] - [17/07/2014 18:23:13]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [1777 octets] ##########




but I still have the same problem
Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
Hi again,

Sorry, I was busy :(

Can you run an OTL scan again and send me the new hosted report, please?

Enjoy your meal :)
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Hello,
here is the link to the OTL report: https://pjjoint.malekal.com/files.php?id=20140718_h5l14z8f9p9
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

Here is the report:
All processes killed
========== OTL ==========
========== FILES ==========
D:\Program Files\Program Files.lnk moved successfully.
D:\WINDOWS\WINDOWS.lnk moved successfully.
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Update.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 39385629 bytes
->Temporary Internet Files folder emptied: 6467140 bytes
->FireFox cache emptied: 25313058 bytes
->Google Chrome cache emptied: 292783972 bytes
->Flash cache emptied: 61527 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 260225 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2693120 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19472141 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23997 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 369,00 mb


[EMPTYFLASH]

User: Administrateur
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07182014_162422

Files\Folders moved on Reboot...
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmp73.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmp83.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmp93.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmpA9.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmpBD.tmp not found!
File\Folder D:\Documents and Settings\Administrateur\Local Settings\Temp\tmpCF.tmp not found!
D:\WINDOWS\temp\VPN_71FC\9218E5A4.dll moved successfully.
D:\WINDOWS\temp\VPN_71FC\VPN_Lock.dat moved successfully.
File\Folder D:\WINDOWS\temp\VPN_369B\VPN_Lock.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Thank you very much for your help, the problem has been solved.
Posts
1522
Registration date
Tuesday 4 October 2011
Status
Member
Last activity
23 October 2015
190
You're welcome, Alain, and have a good weekend :)

To remove the disinfection tools that were used:

Download DelFix by Xplode to your Desktop.

Launch DelFix (Run as administrator on Windows 7/8 and Vista).
Tick the following boxes:

Supprimer les outils de désinfection (Remove disinfection tools)
Purger la restauration système (Purge System Restore)

See you
Posts
10
Registration date
Wednesday 16 July 2014
Status
Member
Last activity
18 July 2014

OK, no problem, a thousand thanks