Virus

ambrinet Posts: 90 Status: Member
Hello,
I've caught a virus that is infecting the 3 PCs connected over Wi-Fi at my place. I think it comes from this XP PC, because of MSN.
I ran HijackThis but I don't know how to read it. Here is the result, hoping I used the right method. Can you help me?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:18, on 28/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
I:\Program Files\Mozilla Firefox\plugin-container.exe
I:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
I:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
I:\WINDOWS\system32\msiexec.exe
I:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114632&tt=4612_6&babsrc=HP_ss&mntrId=00000000000000000000d85d4c87d0d0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10007&barid={20911450-0CB0-49AB-A996-A7D02157451F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - I:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - I:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O4 - HKLM\..\Run: [avast5] I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F782A29-68C1-4706-B0FA-EFDF3F46BF28}: NameServer = 192.168.1.1
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - I:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - I:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - I:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - I:\WINDOWS\system32\imapi.exe
O23 - Service: LVCOMSer - Logitech Inc. - I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - I:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - I:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - I:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - I:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - I:\WINDOWS\system32\wbem\wmiapsrv.exe
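As an added example (not a tool from the thread, from HijackThis or from any of its participants), here is a small Python script that does the first reading pass a helper performs on a log like the one above: it separates orphaned entries (registry references whose target file is gone) from start pages, search hooks, BHOs and toolbars that point at domains or products associated with bundled search toolbars. The list of indicator domains and names is an assumption of this example, not something the thread states; the sample lines are excerpted from the HijackThis log in the post.

```python
"""Added example (not a tool from the thread): first-pass triage of a HijackThis log.

Two classes of entries are flagged, which is what a human reader checks first:
  * "orphan": a registry reference whose target is gone ("(no file)" / "(file missing)"),
    i.e. a leftover of uninstalled software; harmless, but safe to let HijackThis fix.
  * "hijack": a start page, URLSearchHook, BHO or toolbar pointing at a domain or
    product associated with bundled search toolbars (Babylon, SweetIM, Iminent, Ask).
The indicator lists are this example's assumption, not something the thread states.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed indicators (example only): extend for your own environment.
PUP_DOMAINS = ("babylon.com", "sweetim.com", "iminent.com", "ask.com")
PUP_NAMES = ("iminent", "sweetim", "babylon")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code: R0, R3, O2, O3, ...
    kind: str    # "hijack" or "orphan"
    detail: str  # host, product name or CLSID that triggered the finding
    line: str    # the original log line


def _pup_indicator(body):
    """Return the matching indicator host or product name, or None if the entry looks clean."""
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in PUP_DOMAINS):
            return host
    lowered = body.lower()
    return next((name for name in PUP_NAMES if name in lowered), None)


def triage(log_text):
    """Parse a HijackThis log and return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, "Running processes:" list, blank lines
        code, body = match.group("code"), match.group("body")
        indicator = _pup_indicator(body)
        if indicator:
            findings.append(Finding(code, "hijack", indicator, line))
        elif any(marker in body for marker in ORPHAN_MARKERS):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(code, "orphan", clsid.group(0) if clsid else body, line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'hijack': 3, 'orphan': 4}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input: lines excerpted from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
I:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114632&tt=4612_6&babsrc=HP_ss&mntrId=00000000000000000000d85d4c87d0d0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10007&barid={20911450-0CB0-49AB-A996-A7D02157451F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - I:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O4 - HKLM\..\Run: [avast5] I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F782A29-68C1-4706-B0FA-EFDF3F46BF28}: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:6} {f.code:3} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports three "hijack" entries (the Babylon and SweetIM start pages and the Iminent BHO) and four "orphan" entries with no file behind them. Neither class is evidence of a worm spreading between machines; they are the footprint of bundled toolbars, which is what an adware remover such as AdwCleaner is built to clean. Everything else in the excerpt (the Avast, Adobe, Bitdefender and DNS entries) is left alone.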
4 replies

Malekal_morte- Posts: 184348 Status: Moderator, Security contributor
 
Hi,

Spybot is outdated, uninstall it.
Not effective.

What makes you think you're infected?
ambrinet Posts: 90 Status: Member
 
I know I'm infected because as soon as I turn on any PC, I receive an MSN message from a "teréza" that I don't know.
Malekal_morte- Posts: 184348 Status: Moderator, Security contributor
 
Block the contact.

~~

I don't think the PC is infected.

Download AdwCleaner (by Xplode) from http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner to your desktop.
Run it, click [Suppression] (Delete) and wait while the scan runs (no need to run a Search first).
Once the scan finishes, a report will open. Post its contents in your next reply.

Note: the report is also saved as C:\AdwCleaner[S1].txt

then:

Run an OTL scan to diagnose the programs that are running and detect infections:

You can follow the instructions on this page for help: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

With Avast!, do not run the program in the Sandbox (see the help link above).

* Run OTL
* At the top right of Quick Scan, tick "All users"
* In OTL, under Custom Scans/Fixes, copy and paste the script below:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs


* Click the Scan button.

DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK
* When the scan finishes, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present), then give the pjjoint link(s) to those reports here in a new message.
DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK

ambrinet Posts: 90 Status: Member
 
Here is the first report; the other one is too large to go through the site, so I'm sending it to you as is. As for the virus contact, I can't block it, precisely because it's an offline message that appears
on all my computers when I turn them on, without an email address.
Thank you for the attention you're giving me.

Upload successful! - The link to give your correspondents to view the file is: https://pjjoint.malekal.com/files.php?id=20130128_v7b5j7w8k8

OTL logfile created on: 28/01/2013 14:55:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\Documents and Settings\admin\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 438,57 Mb Available Physical Memory | 42,86% Memory free
2,90 Gb Paging File | 2,39 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 74,52 Gb Total Space | 43,84 Gb Free Space | 58,83% Space Free | Partition Type: NTFS

Computer Name: JADE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 14:47:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\admin\Mes documents\Téléchargements\OTL.exe
PRC - [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- I:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/28 09:29:32 | 002,049,536 | ---- | M] () -- I:\Program Files\Alwil Software\Avast5\defs\13012800\algo.dll
MOD - [2013/01/20 16:45:02 | 003,022,232 | ---- | M] () -- I:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/12/18 15:28:24 | 000,301,056 | ---- | M] () -- I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2008/07/26 08:24:04 | 000,068,120 | ---- | M] () -- I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008/04/13 18:33:32 | 000,014,336 | ---- | M] () -- I:\WINDOWS\system32\msdmo.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- I:\WINDOWS\system32\pdfcmnnt.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- I:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- I:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- I:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/01/13 20:21:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- I:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 11:20:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- I:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- I:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- I:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- I:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- I:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/23 09:51:40 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008/07/26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/07/26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 10:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2006/04/01 19:33:02 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/11/19 02:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}: "URL" = http://blingee.com/404{searchTerms}
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\..\SearchScopes\{FDB49783-AC88-415E-8DB5-B0A87CA864D7}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=fr_FR&apn_ptnrs=LH&apn_dtid=YYYYYYYYFR&apn_uid=B8B3D017-2FE6-4092-8DD1-EA2C17F36D97&apn_sauid=2B40D520-2D2B-479D-9DF1-CA551B181396
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.1.22229
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: I:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: I:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/10 13:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2013/01/20 16:45:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins

[2012/08/14 11:53:22 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2012/12/22 21:56:19 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lwosbicx.default\extensions
[2013/01/20 16:44:39 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2012/11/10 13:45:47 | 000,000,000 | ---D | M] (avast! WebRep) -- I:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2013/01/20 16:45:05 | 000,262,552 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/20 16:45:00 | 000,001,609 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/09/23 17:54:29 | 000,002,465 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/06 19:21:54 | 000,002,035 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/01/20 16:45:00 | 000,001,476 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2013/01/20 16:45:00 | 000,001,399 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/12/06 19:21:53 | 000,001,169 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=115303&tt=201112_1849_4712_7&babsrc=HP_ss&mntrId=00000000000000000000d85d4c87d0d0
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://home.sweetim.com/?crg=3.1010000.10007&barid={20911450-0CB0-49AB-A996-A7D02157451F}
CHR - plugin: Shockwave Flash (Enabled) = I:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = I:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = I:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll
CHR - plugin: SweetIM GC Helper (Enabled) = I:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
CHR - plugin: Adobe Acrobat (Enabled) = I:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = I:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = I:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = I:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\1.0.1.6_0\
CHR - Extension: avast! WebRep = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: No name found = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\1.0.1.6_0\
CHR - Extension: avast! WebRep = I:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - I:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] I:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-2077806209-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} https://www.bitdefender.com/toolbox/ (Bitdefender QuickScan Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F782A29-68C1-4706-B0FA-EFDF3F46BF28}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B39FB613-C269-4264-89CA-E6B5DBA18BBB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: I:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: I:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk - I:\Program Files\Logitech\QuickCam\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpFolder: I:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.3.lnk - I:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OfferBox.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - I:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: aswAhAScr.dll - hkey= - key= - I:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
MsConfig - StartUpReg: aswasOutExt.dll - hkey= - key= - I:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
MsConfig - StartUpReg: aswaswOtl.dll - hkey= - key= - I:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
MsConfig - StartUpReg: Connexion SFR 9props.exe - hkey= - key= - I:\Program Files\Neuf\Kit\9props.exe (SFR)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: Facebook Update - hkey= - key= - I:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - I:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - I:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: lxddamon - hkey= - key= - File not found
MsConfig - StartUpReg: lxddmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Neuf Media Center - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: removeSearchcoredatamngr - hkey= - key= - File not found
MsConfig - StartUpReg: removeSearchcoretoolbar - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - I:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SuperCopier2.exe - hkey= - key= - File not found
MsConfig - StartUpReg: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - hkey= - key= - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - i:\WINDOWS\system32\Rundll32.exe i:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "I:\Program Files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - I:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - I:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - I:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - I:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - I:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - I:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to I:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 14:38:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy 2
[2013/01/28 14:38:25 | 000,015,224 | ---- | C] (Safer Networking Limited) -- I:\WINDOWS\System32\sdnclean.exe
[2013/01/28 14:38:13 | 000,000,000 | ---D | C] -- I:\Program Files\Spybot - Search & Destroy 2
[2013/01/28 14:26:54 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\admin\Recent
[2013/01/28 14:25:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\admin\Application Data\Skype
[2013/01/28 14:24:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
[2013/01/28 14:24:52 | 000,000,000 | ---D | C] -- I:\Program Files\Fichiers communs\Skype
[2013/01/28 14:24:48 | 000,000,000 | R--D | C] -- I:\Program Files\Skype
[2013/01/28 14:23:50 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Skype
[2013/01/28 09:59:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\admin\Menu Démarrer\Programmes\HiJackThis
[2013/01/28 09:59:29 | 000,000,000 | ---D | C] -- I:\Trend Micro
[2013/01/20 16:44:37 | 000,000,000 | ---D | C] -- I:\Program Files\Mozilla Firefox
[38 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]
[37 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[1 I:\Documents and Settings\All Users\*.tmp files -> I:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 14:56:38 | 000,000,512 | ---- | M] () -- I:\PhysicalMBR.bin
[2013/01/28 14:43:39 | 000,000,664 | ---- | M] () -- I:\WINDOWS\System32\d3d9caps.dat
[2013/01/28 14:43:26 | 000,013,684 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2013/01/28 14:42:42 | 000,000,366 | -H-- | M] () -- I:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/28 14:42:41 | 000,001,050 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 14:42:40 | 000,000,620 | ---- | M] () -- I:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/01/28 14:42:31 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2013/01/28 14:38:56 | 000,000,616 | ---- | M] () -- I:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/01/28 14:38:56 | 000,000,446 | ---- | M] () -- I:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/01/28 14:38:38 | 000,001,836 | ---- | M] () -- I:\Documents and Settings\All Users\Bureau\Spybot-S&D Start Center.lnk
[2013/01/28 14:33:00 | 000,001,054 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/28 14:24:54 | 000,001,878 | ---- | M] () -- I:\Documents and Settings\All Users\Bureau\Skype.lnk
[2013/01/28 14:16:00 | 000,001,002 | ---- | M] () -- I:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/28 13:39:00 | 000,000,998 | ---- | M] () -- I:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2077806209-1801674531-1003UA.job
[2013/01/28 09:59:31 | 000,001,956 | ---- | M] () -- I:\Documents and Settings\admin\Bureau\HiJackThis.lnk
[2013/01/18 19:39:06 | 000,000,976 | ---- | M] () -- I:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2077806209-1801674531-1003Core.job
[2013/01/16 16:40:17 | 000,001,831 | ---- | M] () -- I:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/13 22:21:49 | 000,540,794 | ---- | M] () -- I:\WINDOWS\System32\perfh00C.dat
[2013/01/13 22:21:49 | 000,091,640 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2013/01/13 22:21:49 | 000,090,554 | ---- | M] () -- I:\WINDOWS\System32\perfc00C.dat
[2013/01/13 22:21:49 | 000,051,726 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[38 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]
[37 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[1 I:\Documents and Settings\All Users\*.tmp files -> I:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 14:56:38 | 000,000,512 | ---- | C] () -- I:\PhysicalMBR.bin
[2013/01/28 14:38:55 | 000,000,446 | ---- | C] () -- I:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/01/28 14:38:54 | 000,000,616 | ---- | C] () -- I:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/01/28 14:38:53 | 000,000,620 | ---- | C] () -- I:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/01/28 14:38:38 | 000,001,842 | ---- | C] () -- I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot-S&D Start Center.lnk
[2013/01/28 14:38:38 | 000,001,836 | ---- | C] () -- I:\Documents and Settings\All Users\Bureau\Spybot-S&D Start Center.lnk
[2013/01/28 14:24:54 | 000,001,878 | ---- | C] () -- I:\Documents and Settings\All Users\Bureau\Skype.lnk
[2013/01/28 09:59:31 | 000,001,956 | ---- | C] () -- I:\Documents and Settings\admin\Bureau\HiJackThis.lnk
[2012/12/22 21:15:33 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\pdfcmnnt.dll
[2012/11/20 21:09:08 | 000,320,502 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/19 19:15:10 | 000,000,552 | ---- | C] () -- I:\WINDOWS\System32\d3d8caps.dat
[2012/11/10 23:52:57 | 000,000,664 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2012/08/14 11:53:07 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2012/02/27 11:01:31 | 000,066,482 | R--- | C] () -- I:\WINDOWS\System32\lvcoinst.ini
[2012/02/16 17:06:47 | 000,003,072 | ---- | C] () -- I:\WINDOWS\System32\iacenc.dll
[2011/09/26 12:32:04 | 000,000,102 | ---- | C] () -- I:\Documents and Settings\All Users\lxdd
[2011/09/26 12:05:43 | 000,012,288 | ---- | C] () -- I:\WINDOWS\System32\LXF3PMRC.DLL
[2011/09/18 10:10:14 | 000,451,072 | ---- | C] () -- I:\WINDOWS\System32\ISSRemoveSP.exe
[2011/08/26 11:16:26 | 000,004,205 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2011/08/26 11:13:00 | 000,294,864 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/26 09:59:29 | 000,012,288 | ---- | C] () -- I:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 09:59:29 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2011/08/26 09:56:17 | 000,032,768 | ---- | C] () -- I:\WINDOWS\System32\BCGPOleAcc.dll
[2011/08/26 09:27:30 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2011/08/26 09:21:53 | 000,021,892 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/09/26 11:56:04 | 000,000,227 | RHS- | M] () -- I:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 12:33:21 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = I:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = I:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/27 11:03:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Leadertech
[2011/09/26 12:13:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Lexmark Productivity Studio
[2012/11/10 21:19:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\MSNInstaller
[2011/11/19 11:45:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\OpenOffice.org
[2012/07/15 19:13:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\PhotoFiltre 7
[2012/08/13 08:10:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\QuickScan
[2012/04/25 21:44:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\searchcoreband
[2011/09/07 14:14:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/01/20 19:03:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >
[2012/08/15 14:16:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Adobe
[2011/09/07 14:14:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/26 12:05:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FaxCtr
[2012/03/29 16:19:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Logishrd
[2012/02/27 10:59:15 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Logitech
[2012/08/15 14:16:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\McAfee
[2013/01/28 14:38:38 | 000,000,000 | --SD | M] -- I:\Documents and Settings\All Users\Application Data\Microsoft
[2013/01/13 22:15:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/09/16 08:44:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Mozilla
[2012/11/10 21:19:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/01/28 14:25:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Skype
[2013/01/28 14:38:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/20 19:03:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver
[2011/08/26 11:19:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/04/26 10:01:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\AcrobatUpdater.exe
[2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\AdobeARM.exe
[2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\AdobeARMHelper.exe
[2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\1285\ReaderUpdater.exe
[2011/09/05 22:51:05 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA1000000001}\setup.exe
[2009/10/23 09:52:04 | 000,077,312 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver\Utilitaire TL-WN321G Wireless\Driver\devcon.exe
[2009/10/23 09:52:04 | 000,528,384 | ---- | M] () -- I:\Documents and Settings\All Users\Application Data\TP-LINK Driver\Utilitaire TL-WN321G Wireless\Driver\RaInst.exe

< %APPDATA%\*. >
[2011/11/20 14:49:24 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Adobe
[2012/01/07 23:17:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\dvdcss
[2011/09/26 16:36:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\FaxCtr
[2012/11/07 17:42:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Google
[2011/08/26 09:31:24 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Identities
[2012/02/27 11:03:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Leadertech
[2011/09/26 12:13:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Lexmark Productivity Studio
[2011/09/07 14:24:54 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Macromedia
[2013/01/28 09:59:32 | 000,000,000 | --SD | M] -- I:\Documents and Settings\admin\Application Data\Microsoft
[2012/08/14 11:53:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Mozilla
[2012/11/10 21:19:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\MSNInstaller
[2011/11/19 11:45:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\OpenOffice.org
[2012/07/15 19:13:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\PhotoFiltre 7
[2012/08/13 08:10:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\QuickScan
[2012/04/25 21:44:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\searchcoreband
[2013/01/28 14:39:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Skype
[2012/01/30 20:43:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\vlc
[2012/02/18 17:50:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\admin\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2011/09/07 14:25:11 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- I:\Documents and Settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2013/01/28 09:59:32 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- I:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

< %temp%\.exe /s >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\consrv.dll >

< %systemroot%\system32\*.dll /lockedfiles >
[37 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011/08/26 11:11:52 | 000,094,208 | ---- | M] () -- I:\WINDOWS\System32\config\default.sav
[2011/08/26 11:11:51 | 001,093,632 | ---- | M] () -- I:\WINDOWS\System32\config\software.sav
[2011/08/26 11:11:51 | 000,471,040 | ---- | M] () -- I:\WINDOWS\System32\config\system.sav

< MD5 for: EXPLORER.EXE >
[2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- I:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- I:\WINDOWS\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- I:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- I:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- I:\WINDOWS\system32\winlogon.exe

< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s >
"" = I:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2012/11/13 12:55:44 | 001,866,496 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase" = 2137980928

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s >
"ProfilesDirectory" = %SystemDrive%\Documents and Settings -- [2013/01/19 10:27:47 | 000,000,000 | ---D | M]
"DefaultUserProfile" = Default User
"AllUsersProfile" = All Users
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags" = 12
"State" = 0
"RefCount" = 1
"Sid" = 01 01 00 00 00 00 00 05 12 00 00 00 [binary data]
"ProfileImagePath" = %systemroot%\system32\config\systemprofile -- [2011/08/26 09:27:25 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\LocalService -- [2012/03/02 11:45:01 | 000,000,000 | -HSD | M]
"Sid" = 01 01 00 00 00 00 00 05 13 00 00 00 [binary data]
"Flags" = 9
"State" = 0
"CentralProfile" =
"ProfileLoadTimeLow" = 1396039228
"ProfileLoadTimeHigh" = 30276957
"RefCount" = 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\NetworkService -- [2011/09/22 11:32:27 | 000,000,000 | -HSD | M]
"Sid" = 01 01 00 00 00 00 00 05 14 00 00 00 [binary data]
"Flags" = 9
"State" = 0
"CentralProfile" =
"ProfileLoadTimeLow" = 1387132978
"ProfileLoadTimeHigh" = 30276957
"RefCount" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1659004503-2077806209-1801674531-1003]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\admin -- [2013/01/28 14:26:54 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 57 66 E2 62 81 CE D8 7B 23 5F 63 6B EB 03 00 00 [binary data]
"Flags" = 0
"State" = 256
"CentralProfile" =
"ProfileLoadTimeLow" = 1400882978
"ProfileLoadTimeHigh" = 30276957
"RefCount" = 1
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1659004503-2077806209-1801674531-500]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Administrateur -- [2013/01/19 14:28:29 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 57 66 E2 62 81 CE D8 7B 23 5F 63 6B F4 01 00 00 [binary data]
"Flags" = 0
"State" = 260
"CentralProfile" =
"ProfileLoadTimeLow" = 1122698894
"ProfileLoadTimeHigh" = 30275111
"RefCount" = 0
"RunLogonScriptSync" = 0

[color=#A23BEC]< nslookup www.google.fr /c >[/color]
No captured output from command...

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "I:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "I:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/20 16:44:59 | 000,866,784 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "I:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/20 16:44:59 | 000,866,784 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "I:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/20 16:44:59 | 000,866,784 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: I:\Program Files\Mozilla Firefox\firefox.exe [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "I:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "I:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/20 16:45:04 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "I:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "I:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "I:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "I:\Program Files\Google\Chrome\Application\chrome.exe" [
0