OTL logfile created on: 22/04/2013 18:44:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\inas\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 52,15% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,58 Gb Total Space | 91,60 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 10,51 Gb Total Space | 1,71 Gb Free Space | 16,30% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 1,62 Gb Free Space | 86,56% Space Free | Partition Type: FAT

Computer Name: PC-BUREAU | User Name: inas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Users\inas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool8) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Modem HDM EC156. RunOuc) -- C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (msvsmon100) -- c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x86\rdbgservice.exe (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MpKsl05de797f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D64CE0-4001-4168-AD33-5E139AE9C927}\MpKsl05de797f.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNPR: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\inas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\inas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/17 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/17 17:01:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/17 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/17 17:01:46 | 000,000,000 | ---D | M]

[2012/03/24 23:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inas\AppData\Roaming\Mozilla\Extensions
[2012/12/18 07:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inas\AppData\Roaming\Mozilla\Firefox\Profiles\pj5pkcnl.default\extensions
[2012/12/18 07:47:09 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\inas\AppData\Roaming\Mozilla\Firefox\Profiles\pj5pkcnl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/04/17 17:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/26 14:05:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/04/17 17:03:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/28 04:00:08 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOlp32.dll
[2013/01/29 17:45:08 | 000,001,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2013/01/06 21:54:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/06 21:54:48 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/02/27 18:01:50 | 000,001,472 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2013/01/29 17:45:08 | 000,001,399 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2013/01/06 21:54:48 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.ma/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\inas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\inas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\inas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\inas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\inas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\inas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FD485D-32AF-42CB-8DA4-180E3C0AE727}: DhcpNameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6958BB0E-30FD-424D-A8D6-CDD5ED5449FA}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9833CE08-F1AC-45EA-AA72-ED7F79FED776}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\inas\Pictures\23.jpg
O24 - Desktop BackupWallPaper: C:\Users\inas\Pictures\23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/04/22 16:05:16 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/22 16:05:16 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/22 16:05:18 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O33 - MountPoints2\{cc8f6377-2290-11e2-a977-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8f6377-2290-11e2-a977-001e101f7fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/04/22 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Nouveau dossier (2)
[2013/04/22 16:15:37 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Roaming\Malwarebytes
[2013/04/22 16:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/22 16:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/22 16:15:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/22 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/22 16:05:16 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2013/04/22 16:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/04/22 15:33:20 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/04/22 07:25:16 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{505CEDE8-0791-4A93-B9CB-46F7F80FD435}
[2013/04/21 13:50:08 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A0EFBC34-23BD-4472-8B9D-6CD1B357A5F8}
[2013/04/20 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Site sans nom 2
[2013/04/20 15:00:46 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{312C053B-5F60-420A-B127-6BA5A200AA7D}
[2013/04/20 00:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/04/19 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\2.Adobe Dreamweaver CS6 setup
[2013/04/19 21:03:28 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{FECC2260-59C9-4D3D-98BD-ACC3B1BF5792}
[2013/04/18 12:35:38 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\projetChasseur
[2013/04/18 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\projetOuvrage
[2013/04/18 11:02:49 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A99D1224-90BB-4E0C-847A-197CF5BFD048}
[2013/04/18 02:28:57 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WindowsApplication20
[2013/04/17 17:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/17 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\History
[2013/04/17 14:00:05 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Roaming\Macrovision
[2013/04/17 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9E6A6FEC-73D5-4CA2-923D-05DB4807B120}
[2013/04/16 13:42:07 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9D30ACC0-5272-45B5-8172-012DDB2BE768}
[2013/04/15 13:28:14 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{1DC9B925-4D2C-472B-8179-2B1A0C5F7A95}
[2013/04/14 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{0A0042E6-E3FC-49E1-BAF1-E97680D58D06}
[2013/04/14 02:10:45 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{64C32EA8-8C3A-4F71-9055-5F43E1807050}
[2013/04/13 14:10:20 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{797FFA98-3C7F-473D-B33F-043C9A607EB4}
[2013/04/12 23:13:49 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-ReportServer-rsctr.dll
[2013/04/12 23:10:18 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQLSERVER-sqlctr10.0.1600.22.dll
[2013/04/12 22:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/04/12 22:53:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2013/04/12 21:05:11 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\logishrd
[2013/04/12 15:40:40 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Integration Services Script Component
[2013/04/12 15:40:27 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Integration Services Script Task
[2013/04/12 12:55:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/12 12:55:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/12 12:55:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/12 12:55:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/12 12:55:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/12 12:55:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/12 12:55:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/12 12:55:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/12 12:46:00 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{C5AAD6DB-1008-48F6-88A3-5A9C3F9EDDC7}
[2013/04/11 22:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\SAP BusinessObjects
[2013/04/11 22:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013/04/11 21:49:14 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\CRforVS_13_0_2
[2013/04/11 14:25:55 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/11 14:25:54 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/11 14:25:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/11 14:25:43 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/11 14:25:31 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/11 14:10:43 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A19AF026-118C-4B97-914D-C9FBDBCA9ECA}
[2013/04/06 20:46:07 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{C2EF1777-A5C2-4775-AAF0-A730D2A21E1D}
[2013/04/06 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9EF80A27-614E-4B6C-B3A3-1444FC6F6898}
[2013/04/05 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{FFCC8B25-778B-4251-A5D5-95153AE324BE}
[2013/04/05 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{4E67D11E-CD70-4FBD-9F07-884E4275EE9B}
[2013/04/04 12:14:05 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{01A9DCD2-262E-4025-B6E3-AC975F6EC81F}
[2013/04/03 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\Chetouki_inass
[2013/04/03 13:37:22 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{594A0E6D-47A9-4543-B9E4-CF34E336ADF4}
[2013/04/03 06:57:16 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{2D617E5A-5866-4F24-9890-7C2483C7A6C8}
[2013/04/02 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WebApplication2
[2013/04/02 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\examaenVariante9
[2013/04/02 22:47:47 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WebApplication3
[2013/04/02 11:31:59 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{59E03E84-505C-4EAC-BB40-7048179E3D13}
[2013/04/01 22:42:44 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\site2
[2013/04/01 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{5C23FCB1-55D3-4551-BAED-769F4635EA07}
[2013/03/31 14:31:43 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{DDE3841E-6B91-42AA-A6E4-82F723448499}
[2013/03/30 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{EDAF8A3C-097F-459D-83C5-82A46FB2ADF3}
[2013/03/30 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9C02EA03-F8F3-4291-9251-9EA3A09B1C0B}
[2013/03/29 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{3BD83FD5-09C9-4E1A-BFEF-CDECCEA3EC74}
[2013/03/29 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{14383980-0755-44DB-A630-5F6B29B4D6A1}
[2013/03/28 18:37:06 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{5A0A8938-ACF8-435E-A840-6C361A89DA16}
[2013/03/28 12:41:45 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WindowsApplication2
[2013/03/28 12:28:15 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{8338F7C3-B450-4F78-A1ED-C2F1D8F8E81A}
[2013/03/27 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{E6DBD918-322C-445A-B894-197862783AB7}
[2013/03/26 20:23:30 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{0F8DB3A8-C1CE-4E40-BB4F-F8F1A47F90D6}
[2013/03/26 08:23:06 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{FFB187EA-845C-4EDA-825C-9C617EC09A75}
[2013/03/25 20:22:41 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{5E46F914-C03C-4BA7-A941-D30F9792E35D}
[2013/03/24 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A416B21E-5256-447E-BEE9-C57DD4BAE5E8}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/04/22 18:50:04 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3370027837-3986735248-3321321132-1000UA.job
[2013/04/22 18:46:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/04/22 18:38:17 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/22 17:52:55 | 000,007,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 17:52:54 | 000,007,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 16:15:19 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/22 15:20:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 15:20:20 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/21 20:50:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3370027837-3986735248-3321321132-1000Core.job
[2013/04/20 22:16:52 | 003,194,142 | ---- | M] () -- C:\Users\inas\Desktop\formationVBA.pdf
[2013/04/20 00:39:50 | 000,001,024 | ---- | M] () -- C:\Users\inas\Desktop\Adobe Dreamweaver CS6.lnk
[2013/04/19 01:08:04 | 000,309,309 | ---- | M] () -- C:\Users\inas\Desktop\inass-chetouki.zip
[2013/04/18 12:36:49 | 000,833,828 | ---- | M] () -- C:\Users\inas\Desktop\inass_chetouki.zip
[2013/04/13 00:29:19 | 000,105,809 | ---- | M] () -- C:\Users\inas\Desktop\megurine-luka-abstract-anime-anime-girl-butterfly-cute-diva-female-flower-girl.jpg
[2013/04/13 00:07:44 | 000,044,904 | ---- | M] () -- C:\Users\inas\Desktop\200711041313088358.jpg
[2013/04/13 00:04:34 | 000,007,107 | ---- | M] () -- C:\Users\inas\Desktop\images.jpg
[2013/04/12 23:13:50 | 000,909,718 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/04/12 23:13:50 | 000,814,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/12 23:13:50 | 000,220,948 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/04/12 23:13:50 | 000,191,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/12 13:35:22 | 000,380,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/11 14:51:15 | 000,002,039 | ---- | M] () -- C:\Users\inas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/11 14:51:15 | 000,002,037 | ---- | M] () -- C:\Users\inas\Desktop\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 13:47:21 | 000,006,399 | ---- | M] () -- C:\Users\inas\Desktop\chetouki-inass.zip
[2013/04/02 22:08:46 | 000,173,345 | ---- | M] () -- C:\Users\inas\Desktop\Happy-Birthday-31.jpg
[2013/04/02 10:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/01 22:13:12 | 000,133,014 | ---- | M] () -- C:\Users\inas\Desktop\pic3.jpg
[2013/04/01 22:12:12 | 000,049,545 | ---- | M] () -- C:\Users\inas\Desktop\caribbean.jpg
[2013/04/01 20:30:32 | 000,104,692 | ---- | M] () -- C:\Users\inas\Desktop\pic2.jpg
[2013/04/01 20:16:51 | 000,056,699 | ---- | M] () -- C:\Users\inas\Desktop\SakuraBlossomTree1.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/04/22 18:46:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/04/22 16:15:19 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/20 22:19:31 | 003,194,142 | ---- | C] () -- C:\Users\inas\Desktop\formationVBA.pdf
[2013/04/20 00:41:27 | 000,001,024 | ---- | C] () -- C:\Users\inas\Desktop\Adobe Dreamweaver CS6.lnk
[2013/04/20 00:39:50 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2013/04/20 00:36:43 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/04/20 00:36:28 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/04/20 00:35:59 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/04/20 00:34:45 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013/04/19 01:07:25 | 000,309,309 | ---- | C] () -- C:\Users\inas\Desktop\inass-chetouki.zip
[2013/04/18 12:34:53 | 000,833,828 | ---- | C] () -- C:\Users\inas\Desktop\inass_chetouki.zip
[2013/04/13 00:28:44 | 000,105,809 | ---- | C] () -- C:\Users\inas\Desktop\megurine-luka-abstract-anime-anime-girl-butterfly-cute-diva-female-flower-girl.jpg
[2013/04/13 00:07:01 | 000,044,904 | ---- | C] () -- C:\Users\inas\Desktop\200711041313088358.jpg
[2013/04/13 00:04:31 | 000,007,107 | ---- | C] () -- C:\Users\inas\Desktop\images.jpg
[2013/04/11 21:47:58 | 005,928,332 | ---- | C] () -- C:\Users\inas\Desktop\npp.6.3.Installer.exe
[2013/04/03 13:47:06 | 000,006,399 | ---- | C] () -- C:\Users\inas\Desktop\chetouki-inass.zip
[2013/04/02 22:08:43 | 000,173,345 | ---- | C] () -- C:\Users\inas\Desktop\Happy-Birthday-31.jpg
[2013/04/01 20:25:22 | 000,049,545 | ---- | C] () -- C:\Users\inas\Desktop\caribbean.jpg
[2013/04/01 20:22:35 | 000,133,014 | ---- | C] () -- C:\Users\inas\Desktop\pic3.jpg
[2013/04/01 20:22:05 | 000,104,692 | ---- | C] () -- C:\Users\inas\Desktop\pic2.jpg
[2013/04/01 20:16:48 | 000,056,699 | ---- | C] () -- C:\Users\inas\Desktop\SakuraBlossomTree1.jpg
[2012/03/25 21:20:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/25 21:20:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/25 21:19:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/25 21:18:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/24 23:24:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/03/24 17:24:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/24 06:36:56 | 000,909,718 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2012/03/24 06:36:56 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2012/03/24 06:36:56 | 000,220,948 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2012/03/24 06:36:56 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2012/03/24 00:33:03 | 000,000,552 | ---- | C] () -- C:\Users\inas\AppData\Local\d3d8caps.dat
[2012/03/23 23:37:10 | 000,010,752 | ---- | C] () -- C:\Users\inas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 23:35:13 | 000,001,356 | ---- | C] () -- C:\Users\inas\AppData\Local\d3d9caps.dat
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2006/11/02 12:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
Invalid Environment Variable: alluserprofile
Invalid Environment Variable: alluserprofile

[color=#A23BEC]< %appdata%\*. >[/color]
[2013/04/20 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Adobe
[2012/11/04 13:03:30 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/16 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Dev-Cpp
[2013/01/31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Downloaded Installations
[2013/04/12 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\DVDVideoSoft
[2012/07/27 01:42:54 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/01/31 17:46:09 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\FileOpen
[2012/03/23 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Identities
[2012/09/25 10:45:05 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Leadertech
[2013/03/11 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Macromedia
[2013/04/17 14:00:05 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Macrovision
[2013/04/22 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Malwarebytes
[2013/02/22 21:13:58 | 000,000,000 | --SD | M] -- C:\Users\inas\AppData\Roaming\Microsoft
[2012/04/20 22:58:36 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Microsoft Corporation
[2012/03/24 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Mozilla
[2013/01/31 17:47:34 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Nitro
[2012/10/19 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Nitro PDF
[2012/10/19 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\OpenCandy
[2012/11/23 11:31:21 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Skype
[2012/03/24 23:25:08 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Talkback
[2012/04/23 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\WinRAR

[color=#A23BEC]< %appdata%\*.exe /s >[/color]
[2012/11/04 13:02:46 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\inas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[color=#A23BEC]< %systemdrive%\*. >[/color]
[2012/03/23 23:35:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012/03/27 10:23:16 | 000,000,000 | ---D | M] -- C:\79fa3076783ef3f3272a
[2012/05/11 18:36:24 | 000,000,000 | ---D | M] -- C:\7a5bd4bca1c7578baa939f
[2009/02/21 20:59:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa
[2013/04/22 16:05:16 | 000,000,000 | RHSD | M] -- C:\Autorun.inf
[2012/03/20 16:39:38 | 000,000,000 | ---D | M] -- C:\b909cd39269a428811cb
[2012/04/24 19:07:10 | 000,000,000 | -HSD | M] -- C:\boot
[2013/04/20 00:35:59 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006/11/02 13:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/03/23 08:18:11 | 000,000,000 | ---D | M] -- C:\drivers
[2009/02/21 21:01:25 | 000,000,000 | ---D | M] -- C:\HP
[2012/12/24 22:38:18 | 000,000,000 | ---D | M] -- C:\inetpub
[2009/08/27 15:36:33 | 000,000,000 | ---D | M] -- C:\logs
[2010/03/10 15:57:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/09/11 02:43:44 | 000,000,000 | ---D | M] -- C:\My Music
[2009/09/28 14:03:31 | 000,000,000 | ---D | M] -- C:\peanut
[2008/01/21 02:33:10 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/03/25 19:28:43 | 000,000,000 | ---D | M] -- C:\PFiles
[2013/04/22 16:15:01 | 000,000,000 | ---D | M] -- C:\Program Files
[2013/04/22 16:15:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/08/20 22:48:26 | 000,000,000 | ---D | M] -- C:\Sun
[2009/04/22 18:01:34 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012/11/04 13:31:01 | 000,000,000 | ---D | M] -- C:\sys
[2013/04/22 18:47:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/02/21 21:01:59 | 000,000,000 | ---D | M] -- C:\System.sav
[2013/04/22 16:04:59 | 000,000,000 | ---D | M] -- C:\UsbFix
[2012/03/23 23:35:09 | 000,000,000 | ---D | M] -- C:\Users
[2013/03/22 07:29:06 | 000,000,000 | ---D | M] -- C:\Windows
[2012/03/24 06:18:49 | 000,000,000 | ---D | M] -- C:\Windows.old

[color=#A23BEC]< %systemdrive%\*.exe >[/color]

[color=#A23BEC]< %programfiles%\*. >[/color]
[2013/04/20 00:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/11/04 13:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Download Assistant
[2013/03/11 14:57:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/07/12 12:34:25 | 000,000,000 | ---D | M] -- C:\Program Files\Dev-Cpp
[2012/10/19 22:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2012/05/19 11:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2012/03/23 23:30:34 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2012/03/25 20:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2012/03/25 20:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\IIS
[2012/05/19 10:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\iLivid
[2012/11/22 11:34:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2013/04/12 13:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/25 10:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2013/03/11 14:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2013/04/22 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/15 00:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2012/06/21 10:19:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2013/04/12 22:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2012/03/25 20:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET
[2012/09/25 13:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/03/25 20:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft F#
[2012/03/25 20:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Help Viewer
[2013/04/12 22:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/25 19:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Product Key Finder
[2012/05/11 18:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2013/02/27 17:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2013/03/16 20:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2013/04/12 22:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2012/03/25 21:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/25 13:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2012/03/25 21:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2012/06/10 12:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/05/19 12:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012/06/10 11:56:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/09/26 20:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/06/12 11:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2013/04/12 22:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/10/30 20:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Modem HDM EC156
[2012/04/24 18:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2013/04/17 17:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2013/04/18 10:53:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/10 12:02:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2013/01/31 17:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro
[2012/10/19 22:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2012/11/22 11:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Offline Course Player
[2012/11/04 13:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshine
[2012/05/23 19:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Recover Keys
[2006/11/02 12:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2013/04/11 22:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\SAP BusinessObjects
[2012/11/23 10:31:04 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/03/25 12:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/11/02 13:01:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/04/24 18:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2012/04/24 18:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/09 21:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/06/21 10:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/06/21 00:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2012/03/23 23:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2012/06/21 00:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/06/04 17:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007/05/17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/21 02:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/21 02:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NVRD32.SYS >[/color]
[2007/10/31 10:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\drivers\nvrd32.sys
[2007/10/31 10:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvrd32.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/21 02:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >