OTL logfile created on: 12/10/2013 12:09:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\nicole\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1014,98 Mb Total Physical Memory | 560,38 Mb Available Physical Memory | 55,21% Memory free 2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,24% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,25 Gb Total Space | 21,85 Gb Free Space | 58,65% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 5,68 Gb Free Space | 14,55% Space Free | Partition Type: NTFS Computer Name: MASTER-71A14E51 | User Name: nicole | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/10/12 12:07:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nicole\Bureau\OTL.exe PRC - [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/08/30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013/08/30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/10/11 19:09:53 | 002,105,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13101100\algo.dll MOD - [2013/10/03 08:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll MOD - [2013/10/03 08:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll MOD - [2013/10/03 08:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013/10/10 19:57:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/09/16 13:03:55 | 000,119,408 | ---- | M] (The Software Group) [On_Demand | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (Software_update_m) SRV - [2013/09/16 13:03:55 | 000,119,408 | ---- | M] (The Software Group) [Auto | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (Software_update) SRV - [2013/08/30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013/07/25 09:10:04 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/08/30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013/08/30 09:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013/08/30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013/08/30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013/08/30 09:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2013/08/30 09:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013/08/30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013/08/30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/10/31 00:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532129 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google/ IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 72 61 AC C3 93 CC 01 [binary data] IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\..\SearchScopes,DefaultScope = {E2E9BB19-7E79-4D5D-8C17-60907BA3CE5A} IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = http://www.amazon.fr/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_fr_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-fr-ie-21&tbrId=v1_abb-channel-7_2474282ae8c34eef8a067cb1cff5a526_30_46_20130829_FR_ie_ds_&query={searchTerms} IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\..\SearchScopes\{E2E9BB19-7E79-4D5D-8C17-60907BA3CE5A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms} IE - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/20 22:04:56 | 000,000,000 | ---D | M] [2013/06/21 11:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions [2013/08/26 17:48:50 | 000,000,737 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qvo6.xml [2013/01/10 15:08:36 | 000,002,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\StartWeb.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Recherche Google = C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: avast! Online Security = C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2003/07/22 17:55:17 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306836023640 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1371819569234 (MUWebControl Class) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_5_1_5_0.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5328E26C-FDBB-4EBE-A317-7B0BCB080F90}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\nicole\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\nicole\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/05/31 11:08:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{2c102f78-0c91-11e1-9426-000cf1e3f776}\Shell - "" = AutoRun O33 - MountPoints2\{2c102f78-0c91-11e1-9426-000cf1e3f776}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - vorbis.acm File not found Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941) ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - vorbis.acm File not found Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/10/12 12:07:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nicole\Bureau\OTL.exe [2013/10/11 19:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nicole\Application Data\Malwarebytes [2013/10/11 19:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware [2013/10/11 19:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2013/10/11 19:28:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/10/11 19:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/10/11 14:05:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nicole\Recent [2013/10/10 19:27:12 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys [2013/10/10 19:27:11 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys [2013/10/10 19:27:11 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys [2013/10/10 19:19:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys [2013/10/10 19:16:21 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys [2013/10/10 19:16:21 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2013/10/10 19:16:21 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys [2013/10/06 18:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nicole\Bureau\Léo 9 jours [2013/10/06 18:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nicole\Bureau\A la maternité [2013/10/06 18:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nicole\Bureau\photos nicole [2013/09/20 12:55:05 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/09/16 13:05:11 | 000,000,000 | ---D | C] -- C:\d60fa604c83796e7502f4ccf8c86a7 [2013/09/16 13:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Umbrella [2013/09/16 13:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\BrowseFox [2013/09/16 13:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Software [2013/09/16 13:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nicole\Local Settings\Application Data\Software [2013/09/15 19:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\predm [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/10/12 12:12:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3394553-DF35-4794-AB93-BD15F21F7D46}.job [2013/10/12 12:11:33 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/10/12 12:07:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nicole\Bureau\OTL.exe [2013/10/12 12:04:06 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013/10/12 11:57:57 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/10/12 11:57:42 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/10/12 11:56:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/10/12 11:56:24 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/10/11 20:55:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/10/11 20:51:03 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/10/11 19:28:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2013/10/10 20:33:59 | 000,543,196 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2013/10/10 20:33:59 | 000,473,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/10/10 20:33:59 | 000,090,016 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2013/10/10 20:33:59 | 000,076,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/10/10 19:56:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/10/10 19:56:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/10/10 19:55:51 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/10/06 18:10:50 | 000,009,451 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1371564_469788939798364_1899957597_n.jpg [2013/10/06 18:10:50 | 000,009,024 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1291446_469789153131676_257150241_n.jpg [2013/10/06 18:10:49 | 000,009,787 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1278382_469789093131682_967769167_n.jpg [2013/10/06 18:10:49 | 000,008,800 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1379097_469788606465064_1767332902_n.jpg [2013/10/06 18:10:49 | 000,005,877 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1376059_469788616465063_152301043_n.jpg [2013/10/06 18:10:48 | 000,007,941 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1379198_469786536465271_169421621_n.jpg [2013/10/06 18:10:48 | 000,007,695 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1368699_469788553131736_1587122894_n.jpg [2013/10/06 18:10:48 | 000,007,480 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1388132_469788729798385_1705553671_n.jpg [2013/10/06 18:10:48 | 000,005,895 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\1373901_469788559798402_1373004297_n.jpg [2013/10/05 19:13:51 | 000,002,035 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk [2013/10/02 20:05:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2013/09/23 20:23:33 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2013/09/23 20:23:32 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013/09/23 20:23:32 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2013/09/23 20:23:32 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2013/09/23 20:23:32 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2013/09/23 20:23:32 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2013/09/23 20:23:32 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2013/09/23 20:23:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2013/09/23 20:23:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2013/09/23 20:23:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2013/09/23 20:23:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2013/09/23 20:23:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2013/09/23 20:23:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2013/09/23 20:23:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2013/09/23 20:23:31 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2013/09/23 20:23:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2013/09/23 20:23:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2013/09/23 20:23:31 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll [2013/09/23 20:23:31 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll [2013/09/23 20:23:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2013/09/23 20:23:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2013/09/23 20:23:30 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2013/09/23 20:23:30 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2013/09/23 20:23:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2013/09/23 20:23:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2013/09/23 20:23:29 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2013/09/23 20:23:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2013/09/23 20:23:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2013/09/23 20:23:29 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2013/09/23 20:23:29 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll [2013/09/23 20:06:48 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2013/09/22 12:35:34 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\Microsoft Office Excel 2007.lnk [2013/09/20 22:04:58 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013/09/16 13:03:48 | 000,581,957 | ---- | M] () -- C:\Documents and Settings\nicole\Bureau\AdwCleaner_1.606_En.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/10/11 21:01:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2013/10/11 19:28:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2013/10/11 15:47:20 | 000,294,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/10/06 18:32:32 | 000,009,024 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1291446_469789153131676_257150241_n.jpg [2013/10/06 18:32:27 | 000,009,787 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1278382_469789093131682_967769167_n.jpg [2013/10/06 18:32:19 | 000,009,451 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1371564_469788939798364_1899957597_n.jpg [2013/10/06 18:30:25 | 000,007,480 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1388132_469788729798385_1705553671_n.jpg [2013/10/06 18:30:19 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1376059_469788616465063_152301043_n.jpg [2013/10/06 18:29:51 | 000,005,895 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1373901_469788559798402_1373004297_n.jpg [2013/10/06 18:29:46 | 000,007,695 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1368699_469788553131736_1587122894_n.jpg [2013/10/06 18:29:37 | 000,007,941 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1379198_469786536465271_169421621_n.jpg [2013/10/06 18:29:21 | 000,008,800 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\1379097_469788606465064_1767332902_n.jpg [2013/09/16 13:03:47 | 000,581,957 | ---- | C] () -- C:\Documents and Settings\nicole\Bureau\AdwCleaner_1.606_En.exe [2013/06/28 07:32:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013/06/26 21:29:55 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013/06/26 21:29:55 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2013/03/12 01:54:47 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/03/12 01:54:47 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2012/07/06 17:49:50 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2012/03/21 20:58:37 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2012/02/16 14:02:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/12 18:52:59 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011/12/09 13:57:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\nicole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/21 19:55:12 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/10/26 18:14:36 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011/10/26 18:14:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011/10/26 18:14:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat [2011/10/25 21:46:06 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\nicole\Local Settings\Application Data\fusioncache.dat [2011/10/25 20:30:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2011/06/01 08:12:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2011/06/01 10:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org [2011/05/31 17:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/02/12 18:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2011/10/30 18:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz [2013/09/15 19:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSafe [2011/10/25 22:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2013/01/14 20:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media [2011/10/30 21:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2011/10/25 22:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011/10/26 11:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\Azureus [2012/02/12 18:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\Canneverbe Limited [2011/11/01 17:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\ElevatedDiagnostics [2013/01/14 20:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\encyclopediabritannicagamesbar [2011/10/29 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\Nuance [2011/10/25 22:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\Todae [2013/01/14 20:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\VisicomToolBar [2011/10/25 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nicole\Application Data\Zeon [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\Skype.exe: 10001 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\sllauncher.exe: 8000 [color=#A23BEC]< HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs >[/color] [color=#A23BEC]< HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532124 [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532124 [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532124 [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532124 [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s >[/color] "timer" = timer.drv -- [2003/07/22 18:14:20 | 000,004,096 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s >[/color] "msaud32.acm" = Windows Media Audio Codec "sl_anet.acm" = Sipro Lab Telecom Audio Codec "C:\WINDOWS\System32\l3codeca.acm" = Fraunhofer IIS MPEG Layer-3 Codec "iac25_32.ax" = Indeo® audio software "ir50_32.dll" = Indeo® video 5.10 "wdmaud.drv" = SoundMAX Integrated Digital Audio "vorbis.acm" = Ogg Vorbis Audio CODEC, Based on Xiphophorus libVorbis I 20010910 "sirenacm.dll" = Messenger Audio Codec [color=#A23BEC]< %temp%\smtmp\1\*.* /s >[/color] [color=#A23BEC]< %temp%\smtmp\2\*.* /s >[/color] [color=#A23BEC]< %temp%\smtmp\4\*.* /s >[/color] [color=#A23BEC]< nslookup http://www.google.fr /c >[/color] Serveur : gestionBbox.lan Address: 192.168.1.254 [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2011/10/26 11:07:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\nicole\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe [2013/06/12 18:27:59 | 000,069,632 | R--- | M] (Flexera Software LLC) -- C:\Documents and Settings\nicole\Application Data\Microsoft\Installer\{5D34141D-B287-48EE-A254-02B8368A4E56}\ARPPRODUCTICON.exe [2013/06/12 18:27:59 | 000,049,152 | R--- | M] (Flexera Software LLC) -- C:\Documents and Settings\nicole\Application Data\Microsoft\Installer\{5D34141D-B287-48EE-A254-02B8368A4E56}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe [2011/11/01 17:42:39 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\nicole\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe [2011/11/01 17:42:39 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\nicole\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe [2012/10/18 10:51:52 | 001,259,320 | ---- | M] (Iplay) -- C:\Documents and Settings\nicole\Application Data\VisicomToolBar\gamesagogo_en_w3i_toolbar_3.2.0.36.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2011/05/10 00:48:16 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys [2004/08/04 07:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [2004/08/04 08:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys [color=#A23BEC]< MD5 for: CTFMON.EXE >[/color] [2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe [2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe [2004/08/20 01:09:51 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/04 07:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/20 01:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/04 08:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2003/07/22 18:08:20 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2003/07/22 18:08:20 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPCLIP.EXE >[/color] [2004/08/20 01:10:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=5CEDA4A82F07576B57BD554E20238F1B -- C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe [2008/04/14 04:34:18 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe [2008/04/14 04:34:18 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\system32\rdpclip.exe [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2012/01/09 18:19:13 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=2D293B720C206473A05950CE007DB12A -- C:\WINDOWS\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys [2011/06/24 16:09:15 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=3348E61A78BA4F79C795AAD6565D3B6F -- C:\WINDOWS\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys [2012/07/04 16:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=43AF5212BD8FB5BA6EED9754358BD8F7 -- C:\WINDOWS\system32\dllcache\rdpwd.sys [2012/07/04 16:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=43AF5212BD8FB5BA6EED9754358BD8F7 -- C:\WINDOWS\system32\drivers\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2012/05/02 15:45:55 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=997C59B9955F911EC460241DD9E01B04 -- C:\WINDOWS\$hf_mig$\KB2685939\SP3QFE\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [2012/07/04 15:59:55 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=C7D9BC54354B8C706ABF172D48313F1B -- C:\WINDOWS\$hf_mig$\KB2723135\SP3QFE\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/04 07:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2004/08/04 08:07:47 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys [2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys [2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006/04/20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/20 01:10:18 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004/08/20 01:10:18 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/04 08:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys [2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2003/07/22 18:12:16 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2011/05/31 13:36:49 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys [2011/05/31 15:27:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2004/08/04 07:58:45 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [2013/07/03 03:59:02 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=F8EDE2B6928970DCE3D5614C27D9E7F6 -- C:\WINDOWS\Driver Cache\i386\usbscan.sys [2013/07/03 03:59:02 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=F8EDE2B6928970DCE3D5614C27D9E7F6 -- C:\WINDOWS\SoftwareDistribution\Download\c1c9ac6ed5f7d67057354464cc506b56\SP3QFE\usbscan.sys [2013/07/03 03:59:02 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=F8EDE2B6928970DCE3D5614C27D9E7F6 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2013/07/03 03:59:02 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=F8EDE2B6928970DCE3D5614C27D9E7F6 -- C:\WINDOWS\system32\drivers\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/20 01:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2004/08/20 00:59:12 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=313B1A0D5DB26DFE1C34A6C13B2CE0A7 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys [2008/04/14 03:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys [2008/04/14 03:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< MD5 for: WSCNTFY.EXE >[/color] [2008/04/14 04:34:29 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe [2008/04/14 04:34:29 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\system32\wscntfy.exe [2004/08/20 01:10:05 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=8558905BA81F6EFAAF9667139BB117DD -- C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >