OTL logfile created on: 16/04/2013 20:09:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\BUREAU\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1023,23 Mb Total Physical Memory | 378,88 Mb Available Physical Memory | 37,03% Memory free 2,40 Gb Paging File | 1,72 Gb Available in Paging File | 71,86% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 277,82 Gb Total Space | 192,67 Gb Free Space | 69,35% Space Free | Partition Type: NTFS Computer Name: 780EBF8094CB4A9 | User Name: BUREAU | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/03/31 16:19:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BUREAU\Bureau\OTL.exe PRC - [2012/11/15 22:27:48 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2006/05/16 12:22:58 | 000,614,400 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/12/06 20:27:51 | 001,310,136 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013/03/12 21:37:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/03/09 00:43:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/15 22:27:48 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012/07/13 13:28:36 | 000,160,944 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/13 14:30:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe -- (wampapache) SRV - [2012/04/19 17:02:32 | 008,177,664 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld) SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007/06/27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - [2012/11/15 22:29:02 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi) DRV - [2012/11/15 22:29:01 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2012/11/03 16:49:12 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012/11/03 16:49:11 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012/08/13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps) DRV - [2012/06/27 15:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2012/06/19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2010/08/12 11:44:06 | 000,071,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2009/04/30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2009/04/30 22:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007/11/26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007/11/26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007/11/26 14:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007/11/26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006/08/01 13:07:02 | 004,356,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006/07/11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006/06/28 11:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2006/05/04 20:02:58 | 000,380,928 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2001/08/18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001/08/17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.msn.com/ IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes,DefaultScope = {BA8A1355-90CD-4B25-A2E8-C4D03C4319BF} IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes\{11568B47-BE32-4B8C-9DDA-2A5AFA3717E8}: "URL" = http://www.01net.com/recherche/recherche?chaine=home&searchstring={searchTerms}&type=01net IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes\{BA8A1355-90CD-4B25-A2E8-C4D03C4319BF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAFR IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\..\SearchScopes\{C8592F6A-209C-4882-A795-A3206C141F70}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-527237240-1482476501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://fr.my.msn.com/" FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012/12/20 19:57:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012/12/20 19:57:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012/12/20 19:57:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012/12/20 19:57:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012/12/20 19:57:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 00:43:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/11 20:45:08 | 000,000,000 | ---D | M] [2009/12/27 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BUREAU\Application Data\Mozilla\Extensions [2009/12/27 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BUREAU\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2013/02/23 23:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\24wh4li4.default\extensions [2012/01/02 23:15:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\24wh4li4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/02/23 23:55:04 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\24wh4li4.default\extensions\firebug@software.joehewitt.com.xpi [2013/02/17 00:03:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\24wh4li4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/03/09 00:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/03/09 00:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/03/09 00:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013/03/09 00:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2009/10/21 16:47:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012/12/20 19:57:40 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013/03/09 00:43:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/01/19 01:17:10 | 000,001,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2012/09/20 23:20:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/12/08 00:11:38 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2013/02/21 20:36:49 | 000,001,472 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2013/01/19 01:17:10 | 000,001,399 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2012/12/08 00:11:37 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Documents Google = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google\u00A0Drive = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Recherche Google = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Analyse des liens (URL Advisor) = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Protection des transactions bancaires = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Clavier virtuel = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Gmail = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-banni\u00E8re = C:\Documents and Settings\BUREAU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013/04/03 21:00:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) O4 - Startup: C:\Documents and Settings\Jeunes\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-527237240-1482476501-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-527237240-1482476501-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-527237240-1482476501-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKU\S-1-5-21-527237240-1482476501-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Ajouter dans l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9 - Extra Button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257609705812 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257962717375 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{021E8372-DFA5-4C0F-A49F-3CB66C383F43}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\BUREAU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\BUREAU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/10/20 16:42:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2013/04/07 16:56:26 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^BUREAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Alcmtr[/b] - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: [b]CTFMON.EXE[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Family Tree Builder Update[/b] - hkey= - key= - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) MsConfig - StartUpReg: [b]InCD[/b] - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: [b]NvCplDaemon[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]NvMediaCenter[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]RTHDCPL[/b] - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: [b]SecurDisc[/b] - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) MsConfig - StartUpReg: [b]SkyTel[/b] - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 1 SafeBootMin: 54520688.sys - Driver SafeBootMin: 65396038.sys - Driver SafeBootMin: 82742054.sys - Driver SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: 54520688.sys - Driver SafeBootNet: 65396038.sys - Driver SafeBootNet: 82742054.sys - Driver SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{7CE23967-DDAA-4A71-AC06-44676908A8D2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.CSCD - camcodec.dll File not found Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.IPJ2 - jp2avi.dll File not found Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LAGS - lagarith.dll File not found Drivers32: vidc.VP40 - vp4vfw.dll File not found Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP70 - vp7vfw.dll File not found Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/04/16 19:56:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BUREAU\Bureau\OTL.exe [2013/04/07 22:09:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013/04/07 16:56:26 | 000,000,000 | RHSD | C] -- C:\Autorun.inf [2013/04/07 14:59:03 | 000,000,000 | ---D | C] -- C:\UsbFix [2013/04/05 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2013/04/05 19:57:14 | 000,000,000 | ---D | C] -- C:\ZHP [2013/04/04 19:31:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/04/01 22:09:21 | 000,000,000 | ---D | C] -- C:\cmdcons [2013/04/01 21:48:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/04/01 21:48:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/04/01 21:48:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/04/01 21:48:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/04/01 21:43:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/01 21:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013/03/31 16:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BUREAU\Bureau\Désinfection [2013/03/30 20:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner [2013/03/26 20:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BUREAU\Bureau\Recherche emploi Yohann [2013/03/20 22:07:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013/03/18 18:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BUREAU\Bureau\Candidatures post-bac Matthieu [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/04/16 20:14:07 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/04/16 19:53:01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C546671B-E61A-4CD4-8EC2-0EFDB40BDFD6}.job [2013/04/16 19:49:46 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/04/16 19:40:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\BUREAU\Bureau\SystemLook.exe [2013/04/16 19:39:23 | 001,597,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/16 19:39:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/16 19:38:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/11 22:27:09 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/04/11 22:25:39 | 000,005,700 | ---- | M] () -- C:\Documents and Settings\BUREAU\Mes documents\cc_20130411_222524.reg [2013/04/11 21:33:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/04/11 20:44:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader XI.lnk [2013/04/11 20:30:23 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk [2013/04/05 21:20:05 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2013/04/03 21:00:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/04/01 22:09:46 | 000,000,332 | ---- | M] () -- C:\boot.ini [2013/04/01 18:08:13 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2013/03/31 16:19:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BUREAU\Bureau\OTL.exe [2013/03/31 13:43:40 | 000,504,016 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2013/03/31 13:43:40 | 000,435,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/03/31 13:43:40 | 000,081,962 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2013/03/31 13:43:40 | 000,068,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/03/30 21:04:06 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\BUREAU\Mes documents\cc_20130330_200352.reg [2013/03/30 20:44:41 | 000,004,315 | ---- | M] () -- C:\Documents and Settings\BUREAU\Mes documents\cc_20130330_1944.reg [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/04/16 19:55:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\BUREAU\Bureau\SystemLook.exe [2013/04/16 19:38:52 | 001,597,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/11 22:25:26 | 000,005,700 | ---- | C] () -- C:\Documents and Settings\BUREAU\Mes documents\cc_20130411_222524.reg [2013/04/11 20:44:06 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader XI.lnk [2013/04/11 20:44:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader XI.lnk [2013/04/05 20:05:31 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2013/04/01 22:09:45 | 000,000,216 | ---- | C] () -- C:\Boot.bak [2013/04/01 22:09:35 | 000,263,488 | ---- | C] () -- C:\cmldr [2013/04/01 21:48:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/04/01 21:48:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/04/01 21:48:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/04/01 21:48:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/04/01 21:48:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/04/01 18:08:13 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2013/03/31 17:21:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2013/03/30 21:03:56 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\BUREAU\Mes documents\cc_20130330_200352.reg [2013/03/30 20:44:38 | 000,004,315 | ---- | C] () -- C:\Documents and Settings\BUREAU\Mes documents\cc_20130330_1944.reg [2013/01/20 02:35:22 | 000,217,792 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/04/15 13:30:27 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/04/15 13:30:27 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/04/15 13:30:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/02/16 20:15:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/09 22:40:00 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/12/31 12:33:39 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\BUREAU\Local Settings\Application Data\HamsterVideoConverterSettings.cfg [2011/12/30 17:03:17 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini [2011/12/30 17:03:17 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini [2011/12/30 17:02:27 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011/12/29 00:09:39 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\BUREAU\Local Settings\Application Data\UrlManager.exe [2011/12/29 00:09:39 | 000,001,444 | ---- | C] () -- C:\Documents and Settings\BUREAU\Local Settings\Application Data\urlManager.xml [2011/07/31 23:38:45 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\BUREAU\Local Settings\Application Data\WebpageIcons.db [2009/11/11 23:31:42 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\BUREAU\KFP3X.bev [2009/11/11 20:47:43 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\BUREAU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2011/12/31 12:02:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 07:36:34 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2009/10/25 19:56:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2012/12/09 23:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk [2011/12/28 23:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo [2011/12/31 14:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX [2010/12/31 15:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage [2009/11/08 16:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\EPSON [2013/03/30 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\FileZilla [2011/12/31 13:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\FreeFLVConverter [2013/03/30 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\FrostWire [2011/12/30 00:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\GetRightToGo [2013/03/30 20:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\Inkscape [2009/11/20 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\Leadertech [2011/12/28 23:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\Leawo [2011/01/08 00:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\LimeWire [2011/12/30 15:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\MAGIX [2011/12/28 23:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\Moyea [2011/05/31 22:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\MyHeritage [2013/03/30 20:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\Notepad++ [2009/10/21 17:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\OpenOffice.org [2011/12/29 00:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\PPT2Video [2012/09/21 17:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\Simple Adblock [2010/12/31 15:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BUREAU\Application Data\The Complete Genealogy Reporter - FTB [2009/11/10 18:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\EPSON [2009/11/29 19:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\gtk-2.0 [2009/11/29 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\Inkscape [2009/11/17 21:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\MSNInstaller [2011/11/29 20:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\MyHeritage [2012/06/14 08:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\Notepad++ [2009/11/10 14:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\OpenOffice.org [2012/09/21 17:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeunes\Application Data\Simple Adblock [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2013/03/31 13:45:58 | 000,002,697 | ---- | M] () -- C:\AdwCleaner[R1].txt [2013/03/31 13:47:12 | 000,000,381 | ---- | M] () -- C:\AdwCleaner[S1].txt [2013/03/31 15:34:31 | 000,002,839 | ---- | M] () -- C:\AdwCleaner[S2].txt [2009/10/20 16:42:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/10/24 15:26:22 | 000,000,216 | ---- | M] () -- C:\Boot.bak [2013/04/01 22:09:46 | 000,000,332 | ---- | M] () -- C:\boot.ini [2008/04/14 14:00:00 | 000,004,952 | ---- | M] () -- C:\Bootfont.bin [2004/08/03 23:00:08 | 000,263,488 | ---- | M] () -- C:\cmldr [2013/04/03 21:03:52 | 000,012,323 | ---- | M] () -- C:\ComboFix.txt [2009/10/20 16:42:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2009/12/05 22:40:02 | 000,001,407 | ---- | M] () -- C:\INSTALL.LOG [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2009/10/20 16:42:00 | 000,000,000 | ---- | M] () -- C:\IO.SYS [2011/05/28 19:28:18 | 000,000,127 | ---- | M] () -- C:\mbam-error.txt [2009/10/20 16:42:00 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS [2008/04/14 14:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM [2008/04/14 14:00:00 | 000,252,240 | ---- | M] () -- C:\ntldr [2013/04/16 19:38:51 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2013/04/05 21:20:05 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2013/04/16 20:14:07 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/04/07 20:56:15 | 000,084,482 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_07.04.2013_20.54.18_log.txt [2013/04/07 20:57:42 | 000,084,482 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_07.04.2013_20.57.12_log.txt [2013/04/07 21:58:29 | 000,004,132 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_07.04.2013_21.57.58_log.txt [2013/04/07 22:24:45 | 000,333,688 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_07.04.2013_22.00.29_log.txt [2013/04/11 19:19:52 | 000,003,414 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_11.04.2013_19.19.30_log.txt [2013/04/11 19:25:22 | 000,331,822 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_11.04.2013_19.22.41_log.txt [2013/04/11 19:31:33 | 000,003,476 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_11.04.2013_19.28.32_log.txt [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [2013/04/07 16:56:38 | 000,007,223 | ---- | M] () -- C:\UsbFix [Clean 1] 780EBF8094CB4A9.txt [2013/04/07 15:04:24 | 000,003,466 | ---- | M] () -- C:\UsbFix [Scan 1] 780EBF8094CB4A9.txt [2013/04/07 15:51:47 | 000,003,283 | ---- | M] () -- C:\UsbFix [Scan 2] 780EBF8094CB4A9.txt [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [color=#A23BEC]< %PROGRAMFILES%\*. >[/color] [2009/11/11 23:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\30+ Free Patience [2009/11/19 19:22:39 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip [2013/04/06 17:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\a-squared Free [2013/04/11 20:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2009/10/25 19:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft [2011/12/30 17:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5 [2009/10/25 19:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Canon [2013/03/30 20:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2009/10/20 16:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications [2011/12/30 00:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\DzSoft [2009/11/08 16:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON [2011/12/30 18:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\eRightSoft [2013/04/03 20:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Fichiers communs [2012/12/01 01:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client [2009/12/05 22:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Free Audio Pack [2011/12/31 13:17:47 | 000,000,000 | ---D | M] -- C:\Program Files\Free FLV Converter [2012/06/02 19:06:27 | 000,000,000 | ---D | M] -- C:\Program Files\FreeTime [2011/01/08 16:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire [2013/03/17 01:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google [2011/12/31 12:32:59 | 000,000,000 | ---D | M] -- C:\Program Files\Hamster Soft [2009/11/29 19:42:44 | 000,000,000 | ---D | M] -- C:\Program Files\Inkscape [2009/11/08 16:00:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2013/04/11 21:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2009/10/21 17:48:35 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2009/10/21 16:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\JRE [2009/11/07 17:46:43 | 000,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools [2012/11/03 16:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab [2010/10/14 22:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire [2009/11/20 22:46:43 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech [2012/07/28 21:48:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/07 18:09:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger [2011/02/02 22:38:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2009/10/20 16:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage [2011/06/29 20:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2010/01/24 19:45:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2009/11/17 21:10:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009/11/21 15:06:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2010/08/11 19:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2013/03/09 11:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2013/03/10 13:21:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service [2011/12/31 12:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2009/11/25 20:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache [2009/11/17 21:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN [2009/10/20 16:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone [2009/11/07 18:40:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2010/12/31 15:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\MyHeritage [2009/10/21 18:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Nero [2009/10/20 16:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting [2011/01/01 22:50:47 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++ [2012/04/15 13:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation [2010/01/24 19:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services [2009/10/21 16:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3 [2010/12/17 01:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express [2009/12/16 22:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks [2011/08/12 14:28:00 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator [2009/12/12 19:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltre [2009/11/07 21:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\RALINK [2009/10/20 17:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek [2011/12/31 12:05:18 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2011/12/30 15:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\Riva [2009/10/20 16:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Services en ligne [2012/09/21 17:28:49 | 000,000,000 | R--D | M] -- C:\Program Files\Skype [2009/11/11 23:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\Sphinx [2012/09/23 12:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2009/10/20 16:53:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2012/11/07 16:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN [2011/02/02 23:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2009/11/08 18:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2010/02/07 16:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2 [2010/02/07 16:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2010/01/24 19:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2009/10/20 16:40:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate [2011/12/30 12:14:19 | 000,000,000 | ---D | M] -- C:\Program Files\Wondershare [2009/10/20 16:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\xerox [2013/04/05 21:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\ZHPDiag [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys [2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color] [2008/04/14 14:00:00 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=B16CCBF66BF41F994D2810CC2299D9D6 -- C:\cmdcons\autochk.exe [2008/04/14 14:00:00 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=B16CCBF66BF41F994D2810CC2299D9D6 -- C:\WINDOWS\system32\autochk.exe [2008/04/14 14:00:00 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=B16CCBF66BF41F994D2810CC2299D9D6 -- C:\WINDOWS\system32\dllcache\autochk.exe [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008/04/14 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys [2008/04/14 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2008/04/14 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\erdnt\cache\eventlog.dll [2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\erdnt\cache\explorer.exe [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe [color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color] [2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hidserv.dll [color=#A23BEC]< MD5 for: IMM32.DLL >[/color] [2008/04/14 14:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0469B73DB32E5520F342C5E163AA3CCA -- C:\WINDOWS\erdnt\cache\imm32.dll [2008/04/14 14:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0469B73DB32E5520F342C5E163AA3CCA -- C:\WINDOWS\system32\dllcache\imm32.dll [2008/04/14 14:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0469B73DB32E5520F342C5E163AA3CCA -- C:\WINDOWS\system32\imm32.dll [color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color] [2008/04/14 14:00:00 | 001,054,720 | ---- | M] (Microsoft Corporation) MD5=3AC8886DFA5AB641417DF4D3B7F5512E -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll [2009/03/21 16:07:58 | 001,054,720 | ---- | M] (Microsoft Corporation) MD5=98F08549604D090B6B2514AF845F329F -- C:\WINDOWS\$NtUninstallKB2758857$\kernel32.dll [2012/10/03 06:58:11 | 001,055,232 | ---- | M] (Microsoft Corporation) MD5=9BF964752FEBC8E0265B62EEF034D465 -- C:\WINDOWS\erdnt\cache\kernel32.dll [2012/10/03 06:58:11 | 001,055,232 | ---- | M] (Microsoft Corporation) MD5=9BF964752FEBC8E0265B62EEF034D465 -- C:\WINDOWS\system32\dllcache\kernel32.dll [2012/10/03 06:58:11 | 001,055,232 | ---- | M] (Microsoft Corporation) MD5=9BF964752FEBC8E0265B62EEF034D465 -- C:\WINDOWS\system32\kernel32.dll [2009/03/21 16:00:17 | 001,056,768 | ---- | M] (Microsoft Corporation) MD5=C3AF0EEE26B59484E674673E3016AAB7 -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll [2012/10/03 06:57:29 | 001,056,768 | ---- | M] (Microsoft Corporation) MD5=CB4292C6D077188C726B2EE073E5D3BE -- C:\WINDOWS\$hf_mig$\KB2758857\SP3QFE\kernel32.dll [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2008/04/14 14:00:00 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=196CCC3FDD21665DCAA9F83FFC03B41A -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll [2008/06/20 19:47:22 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=58AF8498C62E1E1DAB5AE59C6E08C180 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll [2008/06/20 18:03:53 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=6F5F546A92C7B6AE45DB1D6910781EB0 -- C:\WINDOWS\erdnt\cache\mswsock.dll [2008/06/20 18:03:53 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=6F5F546A92C7B6AE45DB1D6910781EB0 -- C:\WINDOWS\system32\dllcache\mswsock.dll [2008/06/20 18:03:53 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=6F5F546A92C7B6AE45DB1D6910781EB0 -- C:\WINDOWS\system32\mswsock.dll [2008/06/20 19:44:02 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=C759B3790D3BA760C52E218EF4886DAC -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll [2008/06/20 19:44:02 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=C759B3790D3BA760C52E218EF4886DAC -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys [2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\erdnt\cache\netlogon.dll [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [color=#A23BEC]< MD5 for: NTFS.SYS >[/color] [2008/04/14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\erdnt\cache\ntfs.sys [2008/04/14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys [2008/04/14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys [2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS [color=#A23BEC]< MD5 for: NTMSSVC.DLL >[/color] [2008/04/14 14:00:00 | 000,438,272 | ---- | M] (Microsoft Corporation) MD5=037D92B3A7853A183FCAB77FB1D13D6C -- C:\WINDOWS\erdnt\cache\ntmssvc.dll [2008/04/14 14:00:00 | 000,438,272 | ---- | M] (Microsoft Corporation) MD5=037D92B3A7853A183FCAB77FB1D13D6C -- C:\WINDOWS\system32\dllcache\ntmssvc.dll [2008/04/14 14:00:00 | 000,438,272 | ---- | M] (Microsoft Corporation) MD5=037D92B3A7853A183FCAB77FB1D13D6C -- C:\WINDOWS\system32\ntmssvc.dll [color=#A23BEC]< MD5 for: NVATA.SYS >[/color] [2006/06/28 11:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS\system32\drivers\nvata.sys [color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color] [2008/04/14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=745D327179FB3D2AC9B80B91F23DA753 -- C:\WINDOWS\system32\dllcache\proquota.exe [2008/04/14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=745D327179FB3D2AC9B80B91F23DA753 -- C:\WINDOWS\system32\proquota.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2008/04/14 14:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=BAA0B6E647C1AD593E9BAE5CC31BCFFB -- C:\WINDOWS\erdnt\cache\qmgr.dll [2008/04/14 14:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=BAA0B6E647C1AD593E9BAE5CC31BCFFB -- C:\WINDOWS\system32\dllcache\qmgr.dll [2008/04/14 14:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=BAA0B6E647C1AD593E9BAE5CC31BCFFB -- C:\WINDOWS\system32\qmgr.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\erdnt\cache\scecli.dll [2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: SFCFILES.DLL >[/color] [2008/04/14 14:00:00 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=E17C85D5B5CF477638433B851A98499E -- C:\WINDOWS\erdnt\cache\sfcfiles.dll [2008/04/14 14:00:00 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=E17C85D5B5CF477638433B851A98499E -- C:\WINDOWS\system32\dllcache\sfcfiles.dll [2008/04/14 14:00:00 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=E17C85D5B5CF477638433B851A98499E -- C:\WINDOWS\system32\sfcfiles.dll [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2010/08/17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [2008/04/14 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\erdnt\cache\spoolsv.exe [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\erdnt\cache\svchost.exe [2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\dllcache\svchost.exe [2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe [color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color] [2008/04/14 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=710BC85A8C22626EE094439E3EA0D38C -- C:\WINDOWS\erdnt\cache\termsrv.dll [2008/04/14 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=710BC85A8C22626EE094439E3EA0D38C -- C:\WINDOWS\system32\dllcache\termsrv.dll [2008/04/14 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=710BC85A8C22626EE094439E3EA0D38C -- C:\WINDOWS\system32\termsrv.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\erdnt\cache\userinit.exe [2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2008/04/14 14:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\dllcache\volsnap.sys [2008/04/14 14:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys [color=#A23BEC]< MD5 for: WININET.DLL >[/color] [2012/05/16 17:06:36 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=1A5B88015B3823D31C5842DE0DBFE842 -- C:\WINDOWS\ie8updates\KB2722913-IE8\wininet.dll [2012/07/02 19:38:43 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=29FEC860C77934244D28213C24A6E110 -- C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll [2010/12/21 01:52:01 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=2F0037D24E82840EF1D47B635B37301A -- C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll [2011/06/23 20:31:31 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=3008D2F793F23FF0DDBC5A1FB9F8374F -- C:\WINDOWS\ie8updates\KB2586448-IE8\wininet.dll [2012/07/02 19:39:50 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=3702C4555CE284742F80364D7904BA73 -- C:\WINDOWS\ie8updates\KB2744842-IE8\wininet.dll [2010/02/25 08:17:37 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=3897DB69B7ABF09C00406A249F8088D8 -- C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll [2009/08/29 09:51:08 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=39E483C39E0EED381977EC1121ADD2BF -- C:\WINDOWS\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll [2013/03/02 03:54:04 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=3FB34DDAAED61D8451C514A91D1699D2 -- C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll [2013/03/02 03:54:04 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=3FB34DDAAED61D8451C514A91D1699D2 -- C:\WINDOWS\SoftwareDistribution\Download\eb7db0ada3e7900f4909defb0a7b554a\SP3QFE\wininet.dll [2011/04/25 18:06:11 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=42F5E14E33D79C236680468B1E4999F4 -- C:\WINDOWS\ie8updates\KB2559049-IE8\wininet.dll [2013/03/02 03:55:11 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=48309E1F5ED8E72783EEFBA04898BDA1 -- C:\WINDOWS\SoftwareDistribution\Download\eb7db0ada3e7900f4909defb0a7b554a\SP3GDR\wininet.dll [2013/03/02 03:55:11 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=48309E1F5ED8E72783EEFBA04898BDA1 -- C:\WINDOWS\system32\dllcache\wininet.dll [2013/03/02 03:55:11 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=48309E1F5ED8E72783EEFBA04898BDA1 -- C:\WINDOWS\system32\wininet.dll [2008/04/14 14:00:00 | 000,670,208 | ---- | M] (Microsoft Corporation) MD5=4A6E04EA20F48D750D9BFED8600D516B -- C:\WINDOWS\$NtUninstallKB974455$\wininet.dll [2009/08/29 09:56:53 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=4CFF479B02819293167F42940B5EF12B -- C:\WINDOWS\ie8updates\KB976325-IE8\wininet.dll [2012/11/01 14:15:37 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=51A9018D2872998747A12DE8F1897D38 -- C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll [2009/09/25 07:36:34 | 000,671,232 | ---- | M] (Microsoft Corporation) MD5=52725B1CDF5C27A19BB316BE4C7CFDCE -- C:\WINDOWS\ie8\wininet.dll [2009/09/25 07:32:48 | 000,672,768 | ---- | M] (Microsoft Corporation) MD5=529081B5F266D9E18F85A2EF7725F21A -- C:\WINDOWS\$hf_mig$\KB974455\SP3QFE\wininet.dll [2012/05/16 17:05:31 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=55DEA0699C49199F80D41B8177708169 -- C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll [2010/11/06 02:25:05 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=59EED8A2D9A36A824834E0CFDB403A71 -- C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll [2011/12/17 21:43:31 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=5C72F65D2F038E0BF481326423F9D266 -- C:\WINDOWS\ie8updates\KB2675157-IE8\wininet.dll [2011/06/23 20:29:27 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=66B28BE3DD3BDBD020B4317AD7051427 -- C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll [2009/03/08 05:34:58 | 000,914,944 | ---- | M] (Microsoft Corporation) MD5=6CE32F7778061CCC5814D5E0F282D369 -- C:\WINDOWS\ie8updates\KB974455-IE8\wininet.dll [2010/09/10 07:47:27 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=73F26DB9C92C7A8259B534451E3B18F9 -- C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll [2011/02/23 01:05:48 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=77C66BD5CED4E555919A5FB713322CDD -- C:\WINDOWS\ie8updates\KB2530548-IE8\wininet.dll [2012/03/01 12:58:11 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=7960ADFC62197E5262A8A72A9FE99C43 -- C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll [2011/08/23 01:41:31 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=7DF35C3D173E799F97F208CC5F3B1C93 -- C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll [2010/11/06 02:21:45 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=85DCE8DAFD2AC492AFACC528161611BB -- C:\WINDOWS\ie8updates\KB2482017-IE8\wininet.dll [2011/02/23 01:25:24 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=8B466303E57E69AC1F82849006BADAAD -- C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll [2011/08/23 01:40:21 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=96F7E8DFF026E48DD7655DBFC47E7944 -- C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll [2010/06/24 14:28:32 | 000,919,040 | ---- | M] (Microsoft Corporation) MD5=9BB4D31E5EF3BA1FBA3ECBECD85B3360 -- C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll [2012/12/26 22:05:34 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=A1C6DA4AE31AAE1B623A1432038A134D -- C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll [2010/09/10 07:50:18 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=A7E08F8C451076D4234AEB380693E45A -- C:\WINDOWS\ie8updates\KB2416400-IE8\wininet.dll [2010/06/24 14:25:24 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=A91B0454DF71BDF4906EAB2D098A30EC -- C:\WINDOWS\ie8updates\KB2360131-IE8\wininet.dll [2009/10/29 09:42:33 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=AB28712FEB7BE2A52A9ABFA0FF94C1B6 -- C:\WINDOWS\ie8updates\KB980182-IE8\wininet.dll [2010/12/21 01:53:04 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=AF4EAA3B35A2D206E1902D7CA61B958A -- C:\WINDOWS\ie8updates\KB2497640-IE8\wininet.dll [2011/11/04 21:13:29 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=B0DF02C2326381D64149F3EEFAE5E09D -- C:\WINDOWS\ie8updates\KB2647516-IE8\wininet.dll [2010/02/25 08:11:51 | 000,919,040 | ---- | M] (Microsoft Corporation) MD5=B667625B38B5EA389044F90BDE80C4FD -- C:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll [2010/05/06 12:33:44 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=B98E84E2CD3EE25D6D41936352E93112 -- C:\WINDOWS\ie8updates\KB2183461-IE8\wininet.dll [2010/05/06 12:27:42 | 000,919,040 | ---- | M] (Microsoft Corporation) MD5=C906F4EA76E7BEC9255776E626086B95 -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [2011/11/04 21:12:19 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=CC5816AA2B0EB20BA52D5622A7C1DED3 -- C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll [2013/02/05 21:55:30 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=CD6DD7CD80EEFEC4A95B8D156B074036 -- C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll [2012/08/28 17:04:59 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=D0E5BB7F1F2B2A86CE809CC8EA9CB5B5 -- C:\WINDOWS\ie8updates\KB2761465-IE8\wininet.dll [2012/03/01 13:00:23 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=D44608FCA100A5C48053588517517028 -- C:\WINDOWS\ie8updates\KB2699988-IE8\wininet.dll [2011/04/25 18:04:06 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=E996F26337B0DEA2650CEAD393C15B82 -- C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll [2012/11/01 14:17:51 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=E9C2CF196F769DE332181121B37518E7 -- C:\WINDOWS\ie8updates\KB2792100-IE8\wininet.dll [2012/08/28 17:03:48 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=ECB2FC839288380533043CF2E91E51E6 -- C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll [2009/10/29 09:37:06 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=F461ACD33F06BF1FB28FFF1EF345FE63 -- C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll [2012/12/26 22:06:36 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=F60FB84A5F9DC64C62B5EDADD399C38B -- C:\WINDOWS\ie8updates\KB2809289-IE8\wininet.dll [2011/12/17 21:42:36 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=FBF4D9A8AE222337063B7DF8881F5AE5 -- C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll [2013/02/05 21:56:42 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=FCDD66EE148885E900285ADE8417E40B -- C:\WINDOWS\erdnt\cache\wininet.dll [2013/02/05 21:56:42 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=FCDD66EE148885E900285ADE8417E40B -- C:\WINDOWS\ie8updates\KB2817183-IE8\wininet.dll [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\erdnt\cache\winlogon.exe [2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\erdnt\cache\winlogon.exe [2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< MD5 for: WS2_32.DLL >[/color] [2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\erdnt\cache\ws2_32.dll [2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\system32\dllcache\ws2_32.dll [2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\system32\ws2_32.dll [color=#A23BEC]< MD5 for: XMLPROV.DLL >[/color] [2008/04/14 14:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=F92A87FDDA0C11C8604FBC2B864FA726 -- C:\WINDOWS\erdnt\cache\xmlprov.dll [2008/04/14 14:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=F92A87FDDA0C11C8604FBC2B864FA726 -- C:\WINDOWS\system32\dllcache\xmlprov.dll [2008/04/14 14:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=F92A87FDDA0C11C8604FBC2B864FA726 -- C:\WINDOWS\system32\xmlprov.dll [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color] "Debug" = "Kmode" = %SystemRoot%\system32\win32k.sys -- [2013/03/02 03:57:47 | 001,867,392 | ---- | M] (Microsoft Corporation) "Optional" = Posix [binary data] "Posix" = %SystemRoot%\system32\psxss.exe "Required" = DebugWindows [binary data] "Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS] "CsrSrvSharedSectionBase" = 2137980928 [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2009/10/20 18:18:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/10/20 18:18:29 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/10/20 18:18:29 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color] [2009/10/20 16:40:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/20 16:44:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012/09/15 12:09:01 | 000,000,434 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C546671B-E61A-4CD4-8EC2-0EFDB40BDFD6}.job [2012/10/14 11:59:55 | 000,001,002 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2013/03/17 01:22:24 | 000,001,052 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2013/03/17 01:22:24 | 000,001,056 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job < End of report >