Virus

ambrinet Messages postés 90 Statut Membre -  
ambrinet Messages postés 90 Statut Membre -
Bonjour,
J'ai attrapé un virus qui contamine 3 pc relié en wifi chez moi. il provient de ce pc xp a cause de msn je pense.
J'ai fait hijackthis mais je ne sais pas le lire. Voici le résultat en esperant que j'ai utilisé la bonne méthode. Pouvez vous m'aider?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:18, on 28/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
I:\Program Files\Mozilla Firefox\plugin-container.exe
I:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
I:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
I:\WINDOWS\system32\msiexec.exe
I:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114632&tt=4612_6&babsrc=HP_ss&mntrId=00000000000000000000d85d4c87d0d0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10007&barid={20911450-0CB0-49AB-A996-A7D02157451F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - I:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - I:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O4 - HKLM\..\Run: [avast5] I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F782A29-68C1-4706-B0FA-EFDF3F46BF28}: NameServer = 192.168.1.1
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - I:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - I:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - I:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - I:\WINDOWS\system32\imapi.exe
O23 - Service: LVCOMSer - Logitech Inc. - I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - I:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - I:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - I:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - I:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - I:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7399 bytes

En plus sur un autre pc vista il m'a sorti soudainement que ce n'était pas une version d'origine alors que c'est un pc que j'ai acheté et je l'ai déja emmener au réparateur une foi pour changer la carte mére?

Cordialement

4 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    salut,

    Spybot est dépassé, désinstalle le.
    Pas efficace.

    Qu'est ce qui te fait dire que tu es infecté?
    0
  2. ambrinet Messages postés 90 Statut Membre
     
    Je sais que je suis infesté car dés que j'allume n'importe quel pc je recois un message msn de teréza que je ne connais pas
    0
  3. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Bloque le contact.

    ~~

    Je pense pas que le PC soit infecté.

    Télécharge http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner AdwCleaner ( d'Xplode ) sur ton bureau.
    Lance le, clique sur [Suppression] puis patiente le temps du scan (Pas besoin de faire de Recherche avant).
    Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

    Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

    puis :

    Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections :

    Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

    * Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

    Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

    * Lance OTL
    * En haut à droite de Analyse rapide, coche "tous les utilisateurs"
    * Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\consrv.dll
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    CREATERESTOREPOINT
    nslookup www.google.fr /c
    SAVEMBR:0
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs


    * Clique sur le bouton Analyse.

    NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT
    * Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.
    NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT

    0
  4. ambrinet Messages postés 90 Statut Membre
     
    Voici le premier rapport, l'autre est trop volumineux pour passer sur le site alors je vous l'envoi tel quel. Le contact virus je ne peux pas le bloquer justement c'est un message hors ligne qui apparait
    sur tout mes ordinateurs lorsque j'allume sans email.
    En vous remerciant de l'attention que vous me portez.

    L'upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=20130128_v7b5j7w8k8

    OTL logfile created on: 28/01/2013 14:55:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = I:\Documents and Settings\admin\Mes documents\Téléchargements
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1023,36 Mb Total Physical Memory | 438,57 Mb Available Physical Memory | 42,86% Memory free
    2,90 Gb Paging File | 2,39 Gb Available in Paging File | 82,32% Paging File free
    Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
    Drive I: | 74,52 Gb Total Space | 43,84 Gb Free Space | 58,83% Space Free | Partition Type: NTFS

    Computer Name: JADE | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2013/01/28 14:47:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\admin\Mes documents\Téléchargements\OTL.exe
    PRC - [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- I:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe

    [color=#E56717]========== Modules (No Company Name) ==========[/color]

    MOD - [2013/01/28 09:29:32 | 002,049,536 | ---- | M] () -- I:\Program Files\Alwil Software\Avast5\defs\13012800\algo.dll
    MOD - [2013/01/20 16:45:02 | 003,022,232 | ---- | M] () -- I:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/12/18 15:28:24 | 000,301,056 | ---- | M] () -- I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    MOD - [2008/07/26 08:24:04 | 000,068,120 | ---- | M] () -- I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll
    MOD - [2008/04/13 18:33:32 | 000,014,336 | ---- | M] () -- I:\WINDOWS\system32\msdmo.dll
    MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- I:\WINDOWS\system32\pdfcmnnt.dll

    [color=#E56717]========== Services (SafeList) ==========[/color]

    SRV - File not found [Auto | Stopped] -- I:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [Auto | Running] -- I:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [Auto | Running] -- I:\Program Files\Spybot -- (SDScannerService)
    SRV - [2013/01/13 20:21:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- I:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/09 11:20:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- I:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/10/30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- I:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- I:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/10/23 09:51:40 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2008/07/26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2008/07/26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
    DRV - [2008/07/26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/04/13 10:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2006/04/01 19:33:02 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2005/11/19 02:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}: "URL" = http://blingee.com/404{searchTerms}
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{FDB49783-AC88-415E-8DB5-B0A87CA864D7}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=fr_FR&apn_ptnrs=LH&apn_dtid=YYYYYYYYFR&apn_uid=B8B3D017-2FE6-4092-8DD1-EA2C17F36D97&apn_sauid=2B40D520-2D2B-479D-9DF1-CA551B181396
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.1.22229
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: I:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: I:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/10 13:45:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2013/01/20 16:45:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins

    [2012/08/14 11:53:22 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\admin\Application Data\Mozilla\Extensions
    [2012/12/22 21:56:19 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lwosbicx.default\extensions
    [2013/01/20 16:44:39 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
    [2012/11/10 13:45:47 | 000,000,000 | ---D | M] (avast! WebRep) -- I:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2013/01/20 16:45:05 | 000,262,552 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/01/20 16:45:00 | 000,001,609 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2012/09/23 17:54:29 | 000,002,465 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/12/06 19:21:54 | 000,002,035 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2013/01/20 16:45:00 | 000,001,476 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2013/01/20 16:45:00 | 000,001,399 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2012/12/06 19:21:53 | 000,001,169 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    [color=#E56717]========== Chrome ==========[/color]

    CHR - homepage: http://search.babylon.com/?affID=115303&tt=201112_1849_4712_7&babsrc=HP_ss&mntrId=00000000000000000000d85d4c87d0d0
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: https://home.sweetim.com/?crg=3.1010000.10007&barid={20911450-0CB0-49AB-A996-A7D02157451F}
    CHR - plugin: Shockwave Flash (Enabled) = I:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = I:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: SweetIM GC Helper (Enabled) = I:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll
    CHR - plugin: SweetIM GC Helper (Enabled) = I:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
    CHR - plugin: Adobe Acrobat (Enabled) = I:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = I:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Earth Plugin (Enabled) = I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = I:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = I:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Shockwave Flash (Enabled) = I:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: No name found = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\1.0.1.6_0\
    CHR - Extension: avast! WebRep = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: No name found = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\1.0.1.6_0\
    CHR - Extension: avast! WebRep = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

    O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - I:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll (SFR)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast5] I:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SDTray] I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} https://www.bitdefender.com/toolbox/ (Bitdefender QuickScan Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F782A29-68C1-4706-B0FA-EFDF3F46BF28}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B39FB613-C269-4264-89CA-E6B5DBA18BBB}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: I:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: I:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: I:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk - I:\Program Files\Logitech\QuickCam\eReg.exe - (Leader Technologies/Logitech)
    MsConfig - StartUpFolder: I:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.3.lnk - I:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
    MsConfig - StartUpFolder: I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OfferBox.lnk - - File not found
    MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - I:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: [b]aswAhAScr.dll[/b] - hkey= - key= - I:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
    MsConfig - StartUpReg: [b]aswasOutExt.dll[/b] - hkey= - key= - I:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
    MsConfig - StartUpReg: [b]aswaswOtl.dll[/b] - hkey= - key= - I:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
    MsConfig - StartUpReg: [b]Connexion SFR 9props.exe[/b] - hkey= - key= - I:\Program Files\Neuf\Kit\9props.exe (SFR)
    MsConfig - StartUpReg: [b]CTFMON.EXE[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]Facebook Update[/b] - hkey= - key= - I:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    MsConfig - StartUpReg: [b]FaxCenterServer[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]LogitechCommunicationsManager[/b] - hkey= - key= - I:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
    MsConfig - StartUpReg: [b]LogitechQuickCamRibbon[/b] - hkey= - key= - I:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    MsConfig - StartUpReg: [b]lxddamon[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]lxddmon.exe[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: [b]Neuf Media Center[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]NvCplDaemon[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]NvMediaCenter[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]nwiz[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]removeSearchcoredatamngr[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]removeSearchcoretoolbar[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]SoundMan[/b] - hkey= - key= - I:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: [b]SuperCopier2.exe[/b] - hkey= - key= - File not found
    MsConfig - StartUpReg: [b]{1017A80C-6F09-4548-A84D-EDD6AC9525F0}[/b] - hkey= - key= - File not found

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - i:\WINDOWS\system32\Rundll32.exe i:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "I:\Program Files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - I:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - I:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - I:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - I:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - I:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - I:\WINDOWS\system32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
    PhysicalDisk0 MBR saved to I:\PhysicalMBR.bin

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2013/01/28 14:38:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy 2
    [2013/01/28 14:38:25 | 000,015,224 | ---- | C] (Safer Networking Limited) -- I:\WINDOWS\System32\sdnclean.exe
    [2013/01/28 14:38:13 | 000,000,000 | ---D | C] -- I:\Program Files\Spybot - Search & Destroy 2
    [2013/01/28 14:26:54 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\admin\Recent
    [2013/01/28 14:25:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\admin\Application Data\Skype
    [2013/01/28 14:24:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
    [2013/01/28 14:24:52 | 000,000,000 | ---D | C] -- I:\Program Files\Fichiers communs\Skype
    [2013/01/28 14:24:48 | 000,000,000 | R--D | C] -- I:\Program Files\Skype
    [2013/01/28 14:23:50 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Skype
    [2013/01/28 09:59:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\admin\Menu Démarrer\Programmes\HiJackThis
    [2013/01/28 09:59:29 | 000,000,000 | ---D | C] -- I:\Trend Micro
    [2013/01/20 16:44:37 | 000,000,000 | ---D | C] -- I:\Program Files\Mozilla Firefox
    [38 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]
    [37 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
    [3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
    [1 I:\Documents and Settings\All Users\*.tmp files -> I:\Documents and Settings\All Users\*.tmp -> ]

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2013/01/28 14:56:38 | 000,000,512 | ---- | M] () -- I:\PhysicalMBR.bin
    [2013/01/28 14:43:39 | 000,000,664 | ---- | M] () -- I:\WINDOWS\System32\d3d9caps.dat
    [2013/01/28 14:43:26 | 000,013,684 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
    [2013/01/28 14:42:42 | 000,000,366 | -H-- | M] () -- I:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/01/28 14:42:41 | 000,001,050 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/28 14:42:40 | 000,000,620 | ---- | M] () -- I:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/01/28 14:42:31 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
    [2013/01/28 14:38:56 | 000,000,616 | ---- | M] () -- I:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/01/28 14:38:56 | 000,000,446 | ---- | M] () -- I:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/01/28 14:38:38 | 000,001,836 | ---- | M] () -- I:\Documents and Settings\All Users\Bureau\Spybot-S&D Start Center.lnk
    [2013/01/28 14:33:00 | 000,001,054 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/28 14:24:54 | 000,001,878 | ---- | M] () -- I:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2013/01/28 14:16:00 | 000,001,002 | ---- | M] () -- I:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/28 13:39:00 | 000,000,998 | ---- | M] () -- I:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2077806209-1801674531-1003UA.job
    [2013/01/28 09:59:31 | 000,001,956 | ---- | M] () -- I:\Documents and Settings\admin\Bureau\HiJackThis.lnk
    [2013/01/18 19:39:06 | 000,000,976 | ---- | M] () -- I:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2077806209-1801674531-1003Core.job
    [2013/01/16 16:40:17 | 000,001,831 | ---- | M] () -- I:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/13 22:21:49 | 000,540,794 | ---- | M] () -- I:\WINDOWS\System32\perfh00C.dat
    [2013/01/13 22:21:49 | 000,091,640 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
    [2013/01/13 22:21:49 | 000,090,554 | ---- | M] () -- I:\WINDOWS\System32\perfc00C.dat
    [2013/01/13 22:21:49 | 000,051,726 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
    [38 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]
    [37 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
    [3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
    [1 I:\Documents and Settings\All Users\*.tmp files -> I:\Documents and Settings\All Users\*.tmp -> ]

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2013/01/28 14:56:38 | 000,000,512 | ---- | C] () -- I:\PhysicalMBR.bin
    [2013/01/28 14:38:55 | 000,000,446 | ---- | C] () -- I:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/01/28 14:38:54 | 000,000,616 | ---- | C] () -- I:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/01/28 14:38:53 | 000,000,620 | ---- | C] () -- I:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/01/28 14:38:38 | 000,001,842 | ---- | C] () -- I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot-S&D Start Center.lnk
    [2013/01/28 14:38:38 | 000,001,836 | ---- | C] () -- I:\Documents and Settings\All Users\Bureau\Spybot-S&D Start Center.lnk
    [2013/01/28 14:24:54 | 000,001,878 | ---- | C] () -- I:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2013/01/28 09:59:31 | 000,001,956 | ---- | C] () -- I:\Documents and Settings\admin\Bureau\HiJackThis.lnk
    [2012/12/22 21:15:33 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\pdfcmnnt.dll
    [2012/11/20 21:09:08 | 000,320,502 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/11/19 19:15:10 | 000,000,552 | ---- | C] () -- I:\WINDOWS\System32\d3d8caps.dat
    [2012/11/10 23:52:57 | 000,000,664 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
    [2012/08/14 11:53:07 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
    [2012/02/27 11:01:31 | 000,066,482 | R--- | C] () -- I:\WINDOWS\System32\lvcoinst.ini
    [2012/02/16 17:06:47 | 000,003,072 | ---- | C] () -- I:\WINDOWS\System32\iacenc.dll
    [2011/09/26 12:32:04 | 000,000,102 | ---- | C] () -- I:\Documents and Settings\All Users\lxdd
    [2011/09/26 12:05:43 | 000,012,288 | ---- | C] () -- I:\WINDOWS\System32\LXF3PMRC.DLL
    [2011/09/18 10:10:14 | 000,451,072 | ---- | C] () -- I:\WINDOWS\System32\ISSRemoveSP.exe
    [2011/08/26 11:16:26 | 000,004,205 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
    [2011/08/26 11:13:00 | 000,294,864 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
    [2011/08/26 09:59:29 | 000,012,288 | ---- | C] () -- I:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/26 09:59:29 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
    [2011/08/26 09:56:17 | 000,032,768 | ---- | C] () -- I:\WINDOWS\System32\BCGPOleAcc.dll
    [2011/08/26 09:27:30 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
    [2011/08/26 09:21:53 | 000,021,892 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat

    [color=#E56717]========== ZeroAccess Check ==========[/color]

    [2011/09/26 11:56:04 | 000,000,227 | RHS- | M] () -- I:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 12:33:21 | 001,510,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = I:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = I:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [color=#E56717]========== LOP Check ==========[/color]

    [2012/02/27 11:03:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Leadertech
    [2011/09/26 12:13:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Lexmark Productivity Studio
    [2012/11/10 21:19:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\MSNInstaller
    [2011/11/19 11:45:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\OpenOffice.org
    [2012/07/15 19:13:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\PhotoFiltre 7
    [2012/08/13 08:10:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\QuickScan
    [2012/04/25 21:44:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\searchcoreband
    [2011/09/07 14:14:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/01/20 19:03:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver

    [color=#E56717]========== Purity Check ==========[/color]

    [color=#E56717]========== Custom Scans ==========[/color]

    [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
    [2012/08/15 14:16:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Adobe
    [2011/09/07 14:14:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/09/26 12:05:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FaxCtr
    [2012/03/29 16:19:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Logishrd
    [2012/02/27 10:59:15 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Logitech
    [2012/08/15 14:16:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\McAfee
    [2013/01/28 14:38:38 | 000,000,000 | --SD | M] -- I:\Documents and Settings\All Users\Application Data\Microsoft
    [2013/01/13 22:15:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2012/09/16 08:44:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/11/10 21:19:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2013/01/28 14:25:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Skype
    [2013/01/28 14:38:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2012/01/20 19:03:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver
    [2011/08/26 11:19:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2012/04/26 10:01:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Yahoo!

    [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
    [2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\AcrobatUpdater.exe
    [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\AdobeARM.exe
    [2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\AdobeARMHelper.exe
    [2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\ReaderUpdater.exe
    [2011/09/05 22:51:05 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA1000000001}\setup.exe
    [2009/10/23 09:52:04 | 000,077,312 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver\Utilitaire TL-WN321G Wireless\Driver\devcon.exe
    [2009/10/23 09:52:04 | 000,528,384 | ---- | M] () -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver\Utilitaire TL-WN321G Wireless\Driver\RaInst.exe

    [color=#A23BEC]< %APPDATA%\*. >[/color]
    [2011/11/20 14:49:24 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Adobe
    [2012/01/07 23:17:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\dvdcss
    [2011/09/26 16:36:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\FaxCtr
    [2012/11/07 17:42:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Google
    [2011/08/26 09:31:24 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Identities
    [2012/02/27 11:03:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Leadertech
    [2011/09/26 12:13:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Lexmark Productivity Studio
    [2011/09/07 14:24:54 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Macromedia
    [2013/01/28 09:59:32 | 000,000,000 | --SD | M] -- I:\Documents and Settings\admin\Application Data\Microsoft
    [2012/08/14 11:53:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Mozilla
    [2012/11/10 21:19:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\MSNInstaller
    [2011/11/19 11:45:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\OpenOffice.org
    [2012/07/15 19:13:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\PhotoFiltre 7
    [2012/08/13 08:10:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\QuickScan
    [2012/04/25 21:44:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\searchcoreband
    [2013/01/28 14:39:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Skype
    [2012/01/30 20:43:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\vlc
    [2012/02/18 17:50:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Yahoo!

    [color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
    [2011/09/07 14:25:11 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- I:\Documents and Settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    [2013/01/28 09:59:32 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- I:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    [color=#A23BEC]< %temp%\.exe /s >[/color]

    [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

    [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

    [color=#A23BEC]< %systemroot%\system32\consrv.dll >[/color]

    [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
    [37 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

    [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

    [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

    [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
    [2011/08/26 11:11:52 | 000,094,208 | ---- | M] () -- I:\WINDOWS\System32\config\default.sav
    [2011/08/26 11:11:51 | 001,093,632 | ---- | M] () -- I:\WINDOWS\System32\config\software.sav
    [2011/08/26 11:11:51 | 000,471,040 | ---- | M] () -- I:\WINDOWS\System32\config\system.sav

    [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
    [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- I:\Program Files\Spybot - Search & Destroy 2\explorer.exe
    [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- I:\WINDOWS\explorer.exe
    [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- I:\WINDOWS\system32\dllcache\explorer.exe

    [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
    [2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- I:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- I:\WINDOWS\system32\winlogon.exe

    [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s >[/color]
    "" = I:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >[/color]

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color]
    "Debug" =
    "Kmode" = %SystemRoot%\system32\win32k.sys -- [2012/11/13 12:55:44 | 001,866,496 | ---- | M] (Microsoft Corporation)
    "Optional" = Posix [binary data]
    "Posix" = %SystemRoot%\system32\psxss.exe
    "Required" = DebugWindows [binary data]
    "Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
    "CsrSrvSharedSectionBase" = 2137980928

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s >[/color]

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s >[/color]
    "ProfilesDirectory" = %SystemDrive%\Documents and Settings -- [2013/01/19 10:27:47 | 000,000,000 | ---D | M]
    "DefaultUserProfile" = Default User
    "AllUsersProfile" = All Users
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
    "Flags" = 12
    "State" = 0
    "RefCount" = 1
    "Sid" = 01 01 00 00 00 00 00 05 12 00 00 00 [binary data]
    "ProfileImagePath" = %systemroot%\system32\config\systemprofile -- [2011/08/26 09:27:25 | 000,000,000 | ---D | M]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
    "ProfileImagePath" = %SystemDrive%\Documents and Settings\LocalService -- [2012/03/02 11:45:01 | 000,000,000 | -HSD | M]
    "Sid" = 01 01 00 00 00 00 00 05 13 00 00 00 [binary data]
    "Flags" = 9
    "State" = 0
    "CentralProfile" =
    "ProfileLoadTimeLow" = 1396039228
    "ProfileLoadTimeHigh" = 30276957
    "RefCount" = 3
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
    "ProfileImagePath" = %SystemDrive%\Documents and Settings\NetworkService -- [2011/09/22 11:32:27 | 000,000,000 | -HSD | M]
    "Sid" = 01 01 00 00 00 00 00 05 14 00 00 00 [binary data]
    "Flags" = 9
    "State" = 0
    "CentralProfile" =
    "ProfileLoadTimeLow" = 1387132978
    "ProfileLoadTimeHigh" = 30276957
    "RefCount" = 2
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1659004503-2077806209-1801674531-1003]
    "ProfileImagePath" = %SystemDrive%\Documents and Settings\admin -- [2013/01/28 14:26:54 | 000,000,000 | ---D | M]
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 57 66 E2 62 81 CE D8 7B 23 5F 63 6B EB 03 00 00 [binary data]
    "Flags" = 0
    "State" = 256
    "CentralProfile" =
    "ProfileLoadTimeLow" = 1400882978
    "ProfileLoadTimeHigh" = 30276957
    "RefCount" = 1
    "RunLogonScriptSync" = 0
    "OptimizedLogonStatus" = 11
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1659004503-2077806209-1801674531-500]
    "ProfileImagePath" = %SystemDrive%\Documents and Settings\Administrateur -- [2013/01/19 14:28:29 | 000,000,000 | ---D | M]
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 57 66 E2 62 81 CE D8 7B 23 5F 63 6B F4 01 00 00 [binary data]
    "Flags" = 0
    "State" = 260
    "CentralProfile" =
    "ProfileLoadTimeLow" = 1122698894
    "ProfileLoadTimeHigh" = 30275111
    "RefCount" = 0
    "RunLogonScriptSync" = 0

    [color=#A23BEC]< nslookup www.google.fr /c >[/color]
    No captured output from command...

    [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "I:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "I:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/20 16:44:59 | 000,866,784 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "I:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/20 16:44:59 | 000,866,784 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "I:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/20 16:44:59 | 000,866,784 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: I:\Program Files\Mozilla Firefox\firefox.exe [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "I:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "I:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "I:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "I:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "I:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "I:\Program Files\Google\Chrome\Application\chrome.exe" [
    0