OTL logfile created on: 30/12/2014 12:47:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrateur\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1,99 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,18% Memory free 2,58 Gb Paging File | 2,22 Gb Available in Paging File | 85,75% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,88 Gb Total Space | 13,78 Gb Free Space | 24,67% Space Free | Partition Type: NTFS Computer Name: SR-632D59112910 | User Name: Administrateur | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014/12/30 12:32:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL (1).exe PRC - [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/11/25 07:39:24 | 009,009,480 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll MOD - [2014/11/25 07:39:17 | 001,677,128 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll MOD - [2009/02/27 15:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA MOD - [2008/04/14 03:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2014/12/10 16:04:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/09/12 19:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2013/10/23 08:15:08 | 000,172,192 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/12/21 15:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009/09/19 08:36:04 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009/05/21 13:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009/05/21 12:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2009/05/21 12:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2007/01/24 18:49:28 | 000,912,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Moon Secure Antivirus\msavcore.exe -- (msav) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca1528av.sys -- (Ca1528av) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk1528.sys -- (Bulk1528) DRV - [2014/12/30 12:15:19 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight) DRV - [2014/12/01 12:53:09 | 000,770,784 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013/10/17 16:32:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013/03/07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009/06/26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000) DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008/01/07 13:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2007/03/16 17:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2005/12/15 09:27:52 | 000,034,639 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX) DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2001/08/23 16:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/ IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.01net.com/telecharger/ [Binary data over 200 bytes] IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1407 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/08 05:14:56 | 000,000,000 | ---D | M] [2009/04/24 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions [2014/12/15 11:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\extensions [2010/05/02 06:11:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/09/07 10:40:39 | 000,002,649 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\searchplugins\bing.xml [2010/01/10 08:39:53 | 000,003,707 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\searchplugins\Wibeez.xml [2013/08/26 07:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: No name found = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: No name found = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2014/04/02 10:09:44 | 000,000,824 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-838170752-682003330-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1482476501-838170752-682003330-500..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-1482476501-838170752-682003330-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237217129391 (WUWebControl Class) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77153EF5-8B88-45B2-BBF0-FB21BEC9643D}: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/02/13 14:01:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation) NetSvcs: LanmanServer - File not found NetSvcs: LanmanWorkstation - File not found NetSvcs: Messenger - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Netlogon - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Browser - Service SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: LanmanServer - File not found SafeBootNet: LanmanWorkstation - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOS - Service SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Netlogon - Service SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: NtLmSsp - Service SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {48529E3B-643E-FAAF-F81A-6CFB32791A0C} - Rendu VML (Vector Graphics Rendering) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B29AF872-F689-8242-8789-0E69A99E5DB1} - Microsoft Windows Media Player 6.4 ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{DA74DE13-84ED-4456-96DE-95872C5E37C2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/12/30 12:32:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL (1).exe [2014/12/24 11:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller [2014/12/16 17:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nouveau dossier (2) [2014/12/16 17:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\windirstat [2014/12/16 10:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics [2014/12/16 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Auslogics [2014/12/16 10:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2014/12/16 10:03:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent [2014/12/15 15:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2014/12/15 11:31:58 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/12/15 11:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware [2014/12/15 11:31:23 | 000,054,360 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/12/15 11:31:23 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2014/12/15 11:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014/12/15 11:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2014/12/15 11:10:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/12/15 11:08:32 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-2.0.4.1028.exe [2014/12/15 11:03:32 | 001,707,646 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrateur\Bureau\JRT.exe [2014/12/12 15:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP [2014/12/12 15:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2014/12/12 15:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\ZHP [2014/12/11 03:31:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2009/04/24 11:56:01 | 013,253,128 | ---- | C] (Trieu Tran Duc ) -- C:\Program Files\moon-secure-antivirus_moon_secure_antivirus_1.0.0_anglais_72252.exe [2 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/12/30 12:32:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL (1).exe [2014/12/30 12:15:19 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2014/12/30 12:10:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/12/30 12:10:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/12/24 11:16:40 | 015,298,136 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\RogueKiller.exe [2014/12/24 10:57:03 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/12/24 10:57:03 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job [2014/12/24 10:57:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2014/12/24 10:33:42 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500UA.job [2014/12/24 10:12:53 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55470357-6182-4CF1-AE7D-DD802BA25154}.job [2014/12/22 11:40:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\{6099CB98-79EF-4B2B-A027-FB5537C9AE4B} [2014/12/22 11:37:48 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/12/16 16:43:10 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/12/16 10:42:20 | 000,000,120 | ---- | M] () -- C:\Documents [2014/12/16 10:09:12 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Google Chrome.lnk [2014/12/16 10:09:03 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Auslogics DiskDefrag.lnk [2014/12/16 10:06:00 | 000,772,722 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\cc_20141216_100457.reg [2014/12/16 09:59:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk [2014/12/15 14:44:58 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/12/15 11:31:34 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2014/12/15 11:05:28 | 020,447,072 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-2.0.4.1028.exe [2014/12/15 11:00:16 | 001,707,646 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrateur\Bureau\JRT.exe [2014/12/15 10:58:54 | 002,166,272 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner_4.105.exe [2014/12/12 15:45:06 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2014/12/12 15:36:02 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPFix.lnk [2014/12/12 15:36:02 | 000,001,523 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag.lnk [2014/12/11 09:59:30 | 000,504,434 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2014/12/11 09:59:30 | 000,436,134 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2014/12/11 09:59:30 | 000,082,364 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2014/12/11 09:59:30 | 000,069,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2014/12/11 03:04:19 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014/12/11 02:27:01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500Core.job [2014/12/10 16:04:33 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2014/12/10 16:04:33 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2014/12/10 08:58:43 | 000,050,451 | ---- | M] () -- C:\WINDOWS\CSTBox.INI [2014/12/09 18:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2014/12/08 17:16:03 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [2014/12/01 12:53:09 | 000,770,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2014/12/01 12:53:09 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/12/24 11:18:07 | 000,035,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2014/12/24 11:17:52 | 015,298,136 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\RogueKiller.exe [2014/12/22 11:40:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\{6099CB98-79EF-4B2B-A027-FB5537C9AE4B} [2014/12/16 10:09:03 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Auslogics DiskDefrag.lnk [2014/12/16 10:05:03 | 000,772,722 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\cc_20141216_100457.reg [2014/12/16 09:59:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk [2014/12/15 11:31:34 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2014/12/15 11:03:32 | 002,166,272 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner_4.105.exe [2014/12/12 15:45:06 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2014/12/12 15:38:05 | 000,000,120 | ---- | C] () -- C:\Documents [2014/12/12 15:36:02 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPFix.lnk [2014/12/12 15:36:02 | 000,001,523 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag.lnk [2014/12/01 12:53:09 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2014/07/23 17:20:13 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2014/06/10 16:36:38 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL [2014/04/23 10:05:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono [2014/04/17 08:27:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini [2014/03/26 12:10:36 | 000,000,916 | RHS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.pol [2014/03/22 09:24:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:40 | 000,000,046 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,042 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,034 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.ini [2014/03/22 09:24:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.ini [2014/03/22 09:24:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CorelPP.ini [2014/03/22 09:04:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI [2014/02/04 05:46:02 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\WB.CFG [2014/02/01 07:18:48 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2013/12/12 15:05:09 | 000,000,089 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini [2013/12/12 15:05:08 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\FTDIUNIN.exe [2013/08/13 07:00:36 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc [2013/03/08 05:15:48 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/03/08 05:15:47 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2011/10/15 07:27:32 | 002,288,366 | ---- | C] () -- C:\Program Files\FTPExpert2.rar [2010/05/03 19:41:58 | 000,020,607 | ---- | C] () -- C:\Program Files\Illustrator CS3 Read Me.html [2010/04/28 05:43:32 | 000,000,066 | ---- | C] () -- C:\Program Files\TETE20100427.ram [2010/03/21 10:24:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PUTTY.RND [2010/01/29 08:42:52 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/13 15:24:06 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2009/08/13 15:24:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Application Support [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/12/23 15:39:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2014/12/10 08:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon [2014/10/24 08:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\eMule [2014/12/16 10:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FileZilla [2010/01/10 08:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Icones [2011/09/15 05:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller [2009/08/13 15:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Nikon [2013/10/22 06:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Notepad++ [2009/08/13 10:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org [2013/05/15 12:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PDF Architect [2014/12/16 10:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeamViewer [2009/03/17 10:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird [2009/08/14 19:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems [2010/03/08 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\X-Chat 2 [2014/12/16 10:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ZHP [2013/08/03 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2014/12/16 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics [2011/02/25 07:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2011/01/07 15:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/01/13 08:13:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV [2009/08/13 15:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2013/01/10 07:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2014/02/24 07:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2014/12/24 11:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller [2013/08/26 07:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/08/13 15:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2013/01/10 07:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F} [2013/01/10 07:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690} [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< MD5 for: AFD.SYS >[/color] [2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys [2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys [2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys [2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2004/08/05 11:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys [2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008/06/20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/05 11:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color] [2004/08/05 11:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys [2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys [2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys [2008/04/14 03:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys [2008/04/14 03:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys [2004/08/05 11:00:00 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys [color=#A23BEC]< MD5 for: IPSEC.SYS >[/color] [2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys [2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys [2004/08/05 11:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys [color=#A23BEC]< MD5 for: LSASS.EXE >[/color] [2008/04/14 03:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe [2008/04/14 03:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\system32\lsass.exe [2004/08/05 11:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=9F3744A5C6F49291A7A685040A013399 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe [color=#A23BEC]< MD5 for: NETBT.SYS >[/color] [2004/08/05 11:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys [2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys [2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys [color=#A23BEC]< MD5 for: REDBOOK.SYS >[/color] [2004/08/05 11:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/04 01:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/14 02:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/14 02:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2004/08/05 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe [2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2004/08/05 11:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/05 11:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2004/08/05 11:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=313B1A0D5DB26DFE1C34A6C13B2CE0A7 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys [2008/04/14 02:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys [2008/04/14 02:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe [2004/08/05 11:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2011/12/26 17:50:55 | 012,090,936 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Application Data\Google\Google Pinyin 2\pinyin-2.6.18.100\GooglePinyinInstaller.exe [2011/12/19 06:14:38 | 002,763,832 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Application Data\Google\Google Pinyin 2\pinyin-2.6.18.99\GooglePinyinUpdater.exe [2009/09/01 16:16:46 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color] [color=#A23BEC]< %APPDATA%\Update\*.* >[/color] [color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\*.* >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2009/02/13 14:01:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/02/13 13:54:57 | 000,000,212 | -HS- | M] () -- C:\boot.ini [2004/08/05 11:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009/02/13 14:01:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/11/16 07:27:49 | 000,113,120 | ---- | M] () -- C:\Denis Papin_fin_1510.rtf [2014/12/16 10:42:20 | 000,000,120 | ---- | M] () -- C:\Documents [2011/07/27 06:57:38 | 000,115,224 | ---- | M] () -- C:\img2-001.raw [2009/09/30 04:48:20 | 025,116,170 | ---- | M] () -- C:\IMGP2299.MOV [2009/02/13 14:01:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/02/13 14:01:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/05 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009/03/16 17:10:10 | 000,252,240 | RHS- | M] () -- C:\ntldr [2014/12/30 12:10:09 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2014/12/12 15:45:06 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2011/02/24 10:04:00 | 000,023,676 | ---- | M] () -- C:\PRO_LIA-954-09-17-10logo-chinefrance reenreg.eps [2011/02/24 15:12:19 | 000,044,492 | ---- | M] () -- C:\PRO_LIA-954-09-17-10logo-chinefrancereenr.pdf [2013/02/01 08:32:17 | 164,909,468 | ---- | M] () -- C:\serveur.sql [2011/03/19 22:17:03 | 000,004,608 | -HS- | M] () -- C:\Thumbs.db [2011/01/22 15:31:06 | 063,102,184 | ---- | M] () -- C:\Unknown artist - Untitled.AVI [2009/09/01 16:12:51 | 000,006,099 | ---- | M] () -- C:\WirelessDiagLog.csv [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [2011/10/15 07:27:35 | 002,288,366 | ---- | M] () -- C:\Program Files\FTPExpert2.rar [2007/03/13 23:46:08 | 000,020,607 | ---- | M] () -- C:\Program Files\Illustrator CS3 Read Me.html [2009/04/24 11:56:05 | 013,253,128 | ---- | M] (Trieu Tran Duc ) -- C:\Program Files\moon-secure-antivirus_moon_secure_antivirus_1.0.0_anglais_72252.exe [2010/04/28 05:43:32 | 000,000,066 | ---- | M] () -- C:\Program Files\TETE20100427.ram [color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.* >[/color] [2007/08/13 18:54:10 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\custsat.dll [2009/03/08 03:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe [2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\hmmapi.dll [2009/01/11 20:05:26 | 000,002,649 | ---- | M] () -- C:\Program Files\Internet Explorer\ie8props.propdesc [2009/03/08 03:35:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iecompat.dll [2014/03/06 18:58:52 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll [2007/08/13 18:44:02 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedw.exe [2014/03/06 18:58:52 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll [2009/03/08 13:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:16:46 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe.mui [2014/03/06 18:58:52 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll [2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll [2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll [2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll [2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll [2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll [2014/03/06 18:58:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\xpshims.dll [color=#A23BEC]< %USERPROFILE%\*.* >[/color] [2014/12/30 12:08:53 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT [2014/12/30 12:49:44 | 000,544,768 | -H-- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat.LOG [2014/12/30 12:08:54 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini [2014/04/25 08:58:01 | 000,000,916 | RHS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.pol [2009/09/01 16:14:11 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\Administrateur\titi.txt [2009/09/01 12:21:56 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\Administrateur\toto.txt [color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color] [color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.exe >[/color] [color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.dll >[/color] [2010/12/09 16:15:19 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\dllnt_dump.dll [28 C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp -> ] [color=#A23BEC]< %USERPROFILE%\Application Data\*.exe >[/color] [color=#A23BEC]< %systemroot%\system32\DBBK\*.* /s >[/color] [color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.* >[/color] [2014/12/16 09:59:49 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat [2014/12/16 09:59:49 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\*.exe /90 >[/color] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /90 >[/color] [2014/11/18 14:56:48 | 001,202,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\FM20.DLL [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color] [2014/12/01 12:53:09 | 000,770,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2014/11/21 06:14:14 | 000,054,360 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys [2014/12/15 14:44:58 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2014/12/30 12:15:19 | 000,035,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys [color=#A23BEC]< %systemroot%\system32\*.exe /90 >[/color] [2014/12/10 16:04:33 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe [2014/12/11 03:08:43 | 109,818,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe [color=#A23BEC]< %systemroot%\system32\config\*.sav >[/color] [2009/02/13 14:46:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009/02/13 14:46:31 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009/02/13 14:46:30 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color] [2001/04/19 06:00:00 | 000,008,176 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD36.DLL [2008/10/09 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD99.DLL [2001/04/19 06:00:00 | 000,028,928 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP36.DLL [2008/10/09 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP99.DLL [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color] [2012/04/14 05:27:55 | 003,186,688 | ---- | M] () MD5=47B341F0931D6D11364145FFC6BBB1E7 -- C:\WINDOWS\assembly\tmp\09HOV2AH\System.dll [2013/01/10 05:47:36 | 000,348,160 | ---- | M] () MD5=996AAEEC01C734347DE8A72542FD1C12 -- C:\WINDOWS\assembly\tmp\3ENV4DMV\Microsoft.Build.Engine.dll [2013/02/15 06:27:58 | 002,933,248 | ---- | M] () MD5=16F96C1496CBD0965285AB19A9271D02 -- C:\WINDOWS\assembly\tmp\4FNW4DMU\System.Data.dll [2013/01/10 05:47:03 | 000,659,456 | ---- | M] () MD5=EFC806A1C4C6CE9F69AECE0AB72C1E34 -- C:\WINDOWS\assembly\tmp\7IRZ8GPX\Microsoft.VisualBasic.dll [2011/08/12 05:23:38 | 000,258,048 | ---- | M] () MD5=0DFCD96DED6DB52064203C07B927357E -- C:\WINDOWS\assembly\tmp\X7ELT07E\System.Security.dll [2011/04/14 02:12:24 | 000,188,416 | ---- | M] () MD5=F0D4CE77F1F9D9A7468335B1CE4C061B -- C:\WINDOWS\assembly\tmp\Z8GNU07F\System.DirectoryServices.Protocols.dll [color=#A23BEC]< %systemroot%\assembly\GAC_32\*.* /S /MD5 >[/color] [2014/02/14 03:34:07 | 000,069,120 | ---- | M] () MD5=DC426A365577F27187F99EB506ECD5D1 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2014/02/14 03:34:15 | 000,072,192 | ---- | M] () MD5=29B35A999E341A37BE67771BE01CC275 -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2012/07/12 05:57:26 | 000,117,160 | ---- | M] () MD5=569124F95660007F8C470D00A96CBD7D -- C:\WINDOWS\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll [2009/12/27 03:06:49 | 000,163,840 | ---- | M] () MD5=36BDD82A92AA704034475C2DEF7FBD29 -- C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll [2011/01/06 05:13:00 | 000,367,400 | ---- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 -- C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll [2014/02/14 03:34:30 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2014/02/14 03:34:30 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2014/02/14 03:34:30 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2014/02/14 03:34:30 | 004,550,656 | ---- | M] () MD5=09ACF833CA462CCE1B3F335DA8584BD8 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2014/02/14 03:34:30 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2014/02/14 03:34:30 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2014/02/14 03:34:30 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2014/02/14 03:34:30 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2014/02/14 03:34:30 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2014/02/14 03:34:30 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2014/02/14 03:34:30 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2014/02/14 03:34:30 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2014/02/14 03:34:30 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2014/02/14 03:34:30 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2013/07/11 05:01:28 | 004,214,784 | ---- | M] () MD5=F2E812E2DE09ACB08120D4280EFAB765 -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll [2014/02/14 03:34:33 | 000,486,400 | ---- | M] () MD5=759FD3779911F89C450CCAE06B92AE3A -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2014/02/14 03:34:34 | 002,933,248 | ---- | M] () MD5=16F96C1496CBD0965285AB19A9271D02 -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2014/02/14 03:34:10 | 000,258,048 | ---- | M] () MD5=9631B15DB7C43C267636FF43C3075E07 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2014/02/14 03:34:10 | 000,113,664 | ---- | M] () MD5=E786C33D35D39C5CCB523AECC18D7BD7 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2013/07/11 05:01:34 | 000,368,640 | ---- | M] () MD5=1BC9A94494AB1E26E1A72A4C3227EB95 -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll [2014/02/14 03:34:19 | 000,261,632 | ---- | M] () MD5=F054572A92573CA32D5F3AA8C15D2BAC -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2014/02/14 03:33:35 | 005,279,744 | ---- | M] () MD5=7D8495351F970C304BB71DF0458885B9 -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll [color=#A23BEC]< %systemroot%\assembly\GAC_64\*.* /S /MD5 >[/color] [color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >[/color] [color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >[/color] [color=#A23BEC]< %windir%\temp*.* >[/color] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#A23BEC]< "%WinDir%\$NtUninstallKB*$." /30 >[/color] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color] "DefaultConnectionSettings" = 46 00 00 00 F3 0C 00 00 09 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 05 00 00 00 00 00 00 00 40 BB 14 5B 50 18 D0 01 01 00 00 00 C0 A8 00 9D 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 80 02 00 00 00 00 00 00 00 02 00 00 01 00 00 00 80 02 00 00 01 00 00 00 00 02 00 00 02 00 00 00 80 02 00 00 02 00 00 00 00 02 00 00 03 00 00 00 65 00 3B 00 65 00 6E 00 64 00 73 00 74 00 72 00 75 00 63 00 74 00 3B 00 75 00 69 00 6E 00 74 00 20 00 43 00 68 00 61 00 02 00 00 00 C0 A8 00 0B 00 00 00 00 00 00 00 00 64 00 6C 00 65 00 20 00 68 00 49 00 74 00 65 00 6D 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4E 00 65 00 77 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4F 00 6C 00 64 00 3B 00 6C 00 70 00 61 00 72 00 61 00 6D 00 20 00 6C 00 50 00 61 00 72 00 61 00 6D 00 3B 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes] "SavedLegacySettings" = 46 00 00 00 F8 45 00 00 09 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 05 00 00 00 00 00 00 00 40 BB 14 5B 50 18 D0 01 01 00 00 00 C0 A8 00 9D 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 80 02 00 00 00 00 00 00 00 02 00 00 01 00 00 00 80 02 00 00 01 00 00 00 00 02 00 00 02 00 00 00 80 02 00 00 02 00 00 00 00 02 00 00 03 00 00 00 65 00 3B 00 65 00 6E 00 64 00 73 00 74 00 72 00 75 00 63 00 74 00 3B 00 75 00 69 00 6E 00 74 00 20 00 43 00 68 00 61 00 02 00 00 00 C0 A8 00 0B 00 00 00 00 00 00 00 00 64 00 6C 00 65 00 20 00 68 00 49 00 74 00 65 00 6D 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4E 00 65 00 77 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4F 00 6C 00 64 00 3B 00 6C 00 70 00 61 00 72 00 61 00 6D 00 20 00 6C 00 50 00 61 00 72 00 61 00 6D 00 3B 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-12-11 02:41:15 [color=#A23BEC]< C:\Program Files\Common Files\ComObjects\*.* / >[/color] Invalid Switch: [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2012/08/21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe [2012/08/21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe [2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\AcrobatUpdater.exe [2012/01/03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\AdobeARM.exe [2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\AdobeARMHelper.exe [2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\ReaderUpdater.exe [2012/09/24 05:10:21 | 037,854,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\AdbeRdr11000_fr_FR.exe [2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\AcrobatUpdater.exe [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\AdobeARM.exe [2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\AdobeARMHelper.exe [2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\ReaderUpdater.exe [2012/01/03 18:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-A95000000001}\Setup.exe [2012/09/24 04:48:35 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AB0000000001}\setup.exe [2013/08/03 15:16:08 | 000,077,136 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe [2008/11/11 18:32:32 | 000,079,184 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe [color=#A23BEC]< >[/color] [2009/02/13 13:58:39 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2009/02/13 14:06:05 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2009/08/31 10:58:56 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55470357-6182-4CF1-AE7D-DD802BA25154}.job [2009/10/04 09:45:03 | 000,000,178 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job [2010/10/24 08:22:58 | 000,001,052 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2010/10/24 08:22:59 | 000,001,056 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2011/02/14 18:28:35 | 000,001,132 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500Core.job [2011/02/14 18:28:36 | 000,001,184 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500UA.job [2012/07/08 21:08:13 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [2012/08/15 09:32:31 | 000,001,002 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2013/04/11 03:46:47 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2014/03/22 09:28:40 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [2014/03/22 09:28:41 | 000,000,240 | ---- | C] () -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job < End of report >