cjoint

Document format: text/plain

Preview

OTL logfile created on: 22/04/2013 18:44:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\inas\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 52,15% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,58 Gb Total Space | 91,60 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 10,51 Gb Total Space | 1,71 Gb Free Space | 16,30% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 1,62 Gb Free Space | 86,56% Space Free | Partition Type: FAT

Computer Name: PC-BUREAU | User Name: inas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\inas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool8) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Modem HDM EC156. RunOuc) -- C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (msvsmon100) -- c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x86\rdbgservice.exe (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MpKsl05de797f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D64CE0-4001-4168-AD33-5E139AE9C927}\MpKsl05de797f.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNPR: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\inas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\inas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/17 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/17 17:01:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/17 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/17 17:01:46 | 000,000,000 | ---D | M]

[2012/03/24 23:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inas\AppData\Roaming\Mozilla\Extensions
[2012/12/18 07:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inas\AppData\Roaming\Mozilla\Firefox\Profiles\pj5pkcnl.default\extensions
[2012/12/18 07:47:09 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\inas\AppData\Roaming\Mozilla\Firefox\Profiles\pj5pkcnl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/04/17 17:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/26 14:05:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/04/17 17:03:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/28 04:00:08 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOlp32.dll
[2013/01/29 17:45:08 | 000,001,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2013/01/06 21:54:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/06 21:54:48 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/02/27 18:01:50 | 000,001,472 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2013/01/29 17:45:08 | 000,001,399 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2013/01/06 21:54:48 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.ma/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\inas\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\inas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\inas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\inas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\inas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\inas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\inas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FD485D-32AF-42CB-8DA4-180E3C0AE727}: DhcpNameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6958BB0E-30FD-424D-A8D6-CDD5ED5449FA}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9833CE08-F1AC-45EA-AA72-ED7F79FED776}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\inas\Pictures\23.jpg
O24 - Desktop BackupWallPaper: C:\Users\inas\Pictures\23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/04/22 16:05:16 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/22 16:05:16 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/22 16:05:18 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O33 - MountPoints2\{cc8f6377-2290-11e2-a977-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8f6377-2290-11e2-a977-001e101f7fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/22 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Nouveau dossier (2)
[2013/04/22 16:15:37 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Roaming\Malwarebytes
[2013/04/22 16:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/22 16:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/22 16:15:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/22 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/22 16:05:16 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2013/04/22 16:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/04/22 15:33:20 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/04/22 07:25:16 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{505CEDE8-0791-4A93-B9CB-46F7F80FD435}
[2013/04/21 13:50:08 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A0EFBC34-23BD-4472-8B9D-6CD1B357A5F8}
[2013/04/20 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Site sans nom 2
[2013/04/20 15:00:46 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{312C053B-5F60-420A-B127-6BA5A200AA7D}
[2013/04/20 00:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/04/19 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\2.Adobe Dreamweaver CS6 setup
[2013/04/19 21:03:28 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{FECC2260-59C9-4D3D-98BD-ACC3B1BF5792}
[2013/04/18 12:35:38 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\projetChasseur
[2013/04/18 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\projetOuvrage
[2013/04/18 11:02:49 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A99D1224-90BB-4E0C-847A-197CF5BFD048}
[2013/04/18 02:28:57 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WindowsApplication20
[2013/04/17 17:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/17 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\History
[2013/04/17 14:00:05 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Roaming\Macrovision
[2013/04/17 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9E6A6FEC-73D5-4CA2-923D-05DB4807B120}
[2013/04/16 13:42:07 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9D30ACC0-5272-45B5-8172-012DDB2BE768}
[2013/04/15 13:28:14 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{1DC9B925-4D2C-472B-8179-2B1A0C5F7A95}
[2013/04/14 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{0A0042E6-E3FC-49E1-BAF1-E97680D58D06}
[2013/04/14 02:10:45 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{64C32EA8-8C3A-4F71-9055-5F43E1807050}
[2013/04/13 14:10:20 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{797FFA98-3C7F-473D-B33F-043C9A607EB4}
[2013/04/12 23:13:49 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-ReportServer-rsctr.dll
[2013/04/12 23:10:18 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQLSERVER-sqlctr10.0.1600.22.dll
[2013/04/12 22:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/04/12 22:53:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2013/04/12 21:05:11 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\logishrd
[2013/04/12 15:40:40 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Integration Services Script Component
[2013/04/12 15:40:27 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\Integration Services Script Task
[2013/04/12 12:55:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/12 12:55:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/12 12:55:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/12 12:55:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/12 12:55:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/12 12:55:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/12 12:55:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/12 12:55:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/12 12:46:00 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{C5AAD6DB-1008-48F6-88A3-5A9C3F9EDDC7}
[2013/04/11 22:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\SAP BusinessObjects
[2013/04/11 22:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013/04/11 21:49:14 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\CRforVS_13_0_2
[2013/04/11 14:25:55 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/11 14:25:54 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/11 14:25:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/11 14:25:43 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/11 14:25:31 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/11 14:10:43 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A19AF026-118C-4B97-914D-C9FBDBCA9ECA}
[2013/04/06 20:46:07 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{C2EF1777-A5C2-4775-AAF0-A730D2A21E1D}
[2013/04/06 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9EF80A27-614E-4B6C-B3A3-1444FC6F6898}
[2013/04/05 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{FFCC8B25-778B-4251-A5D5-95153AE324BE}
[2013/04/05 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{4E67D11E-CD70-4FBD-9F07-884E4275EE9B}
[2013/04/04 12:14:05 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{01A9DCD2-262E-4025-B6E3-AC975F6EC81F}
[2013/04/03 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\Chetouki_inass
[2013/04/03 13:37:22 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{594A0E6D-47A9-4543-B9E4-CF34E336ADF4}
[2013/04/03 06:57:16 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{2D617E5A-5866-4F24-9890-7C2483C7A6C8}
[2013/04/02 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WebApplication2
[2013/04/02 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\examaenVariante9
[2013/04/02 22:47:47 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WebApplication3
[2013/04/02 11:31:59 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{59E03E84-505C-4EAC-BB40-7048179E3D13}
[2013/04/01 22:42:44 | 000,000,000 | ---D | C] -- C:\Users\inas\Documents\site2
[2013/04/01 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{5C23FCB1-55D3-4551-BAED-769F4635EA07}
[2013/03/31 14:31:43 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{DDE3841E-6B91-42AA-A6E4-82F723448499}
[2013/03/30 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{EDAF8A3C-097F-459D-83C5-82A46FB2ADF3}
[2013/03/30 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{9C02EA03-F8F3-4291-9251-9EA3A09B1C0B}
[2013/03/29 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{3BD83FD5-09C9-4E1A-BFEF-CDECCEA3EC74}
[2013/03/29 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{14383980-0755-44DB-A630-5F6B29B4D6A1}
[2013/03/28 18:37:06 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{5A0A8938-ACF8-435E-A840-6C361A89DA16}
[2013/03/28 12:41:45 | 000,000,000 | ---D | C] -- C:\Users\inas\Desktop\WindowsApplication2
[2013/03/28 12:28:15 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{8338F7C3-B450-4F78-A1ED-C2F1D8F8E81A}
[2013/03/27 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{E6DBD918-322C-445A-B894-197862783AB7}
[2013/03/26 20:23:30 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{0F8DB3A8-C1CE-4E40-BB4F-F8F1A47F90D6}
[2013/03/26 08:23:06 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{FFB187EA-845C-4EDA-825C-9C617EC09A75}
[2013/03/25 20:22:41 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{5E46F914-C03C-4BA7-A941-D30F9792E35D}
[2013/03/24 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\inas\AppData\Local\{A416B21E-5256-447E-BEE9-C57DD4BAE5E8}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/22 18:50:04 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3370027837-3986735248-3321321132-1000UA.job
[2013/04/22 18:46:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/04/22 18:38:17 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/22 17:52:55 | 000,007,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 17:52:54 | 000,007,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 16:15:19 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/22 15:20:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 15:20:20 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/21 20:50:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3370027837-3986735248-3321321132-1000Core.job
[2013/04/20 22:16:52 | 003,194,142 | ---- | M] () -- C:\Users\inas\Desktop\formationVBA.pdf
[2013/04/20 00:39:50 | 000,001,024 | ---- | M] () -- C:\Users\inas\Desktop\Adobe Dreamweaver CS6.lnk
[2013/04/19 01:08:04 | 000,309,309 | ---- | M] () -- C:\Users\inas\Desktop\inass-chetouki.zip
[2013/04/18 12:36:49 | 000,833,828 | ---- | M] () -- C:\Users\inas\Desktop\inass_chetouki.zip
[2013/04/13 00:29:19 | 000,105,809 | ---- | M] () -- C:\Users\inas\Desktop\megurine-luka-abstract-anime-anime-girl-butterfly-cute-diva-female-flower-girl.jpg
[2013/04/13 00:07:44 | 000,044,904 | ---- | M] () -- C:\Users\inas\Desktop\200711041313088358.jpg
[2013/04/13 00:04:34 | 000,007,107 | ---- | M] () -- C:\Users\inas\Desktop\images.jpg
[2013/04/12 23:13:50 | 000,909,718 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/04/12 23:13:50 | 000,814,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/12 23:13:50 | 000,220,948 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/04/12 23:13:50 | 000,191,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/12 13:35:22 | 000,380,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/11 14:51:15 | 000,002,039 | ---- | M] () -- C:\Users\inas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/11 14:51:15 | 000,002,037 | ---- | M] () -- C:\Users\inas\Desktop\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 13:47:21 | 000,006,399 | ---- | M] () -- C:\Users\inas\Desktop\chetouki-inass.zip
[2013/04/02 22:08:46 | 000,173,345 | ---- | M] () -- C:\Users\inas\Desktop\Happy-Birthday-31.jpg
[2013/04/02 10:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/01 22:13:12 | 000,133,014 | ---- | M] () -- C:\Users\inas\Desktop\pic3.jpg
[2013/04/01 22:12:12 | 000,049,545 | ---- | M] () -- C:\Users\inas\Desktop\caribbean.jpg
[2013/04/01 20:30:32 | 000,104,692 | ---- | M] () -- C:\Users\inas\Desktop\pic2.jpg
[2013/04/01 20:16:51 | 000,056,699 | ---- | M] () -- C:\Users\inas\Desktop\SakuraBlossomTree1.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/22 18:46:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/04/22 16:15:19 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/20 22:19:31 | 003,194,142 | ---- | C] () -- C:\Users\inas\Desktop\formationVBA.pdf
[2013/04/20 00:41:27 | 000,001,024 | ---- | C] () -- C:\Users\inas\Desktop\Adobe Dreamweaver CS6.lnk
[2013/04/20 00:39:50 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2013/04/20 00:36:43 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/04/20 00:36:28 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/04/20 00:35:59 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/04/20 00:34:45 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013/04/19 01:07:25 | 000,309,309 | ---- | C] () -- C:\Users\inas\Desktop\inass-chetouki.zip
[2013/04/18 12:34:53 | 000,833,828 | ---- | C] () -- C:\Users\inas\Desktop\inass_chetouki.zip
[2013/04/13 00:28:44 | 000,105,809 | ---- | C] () -- C:\Users\inas\Desktop\megurine-luka-abstract-anime-anime-girl-butterfly-cute-diva-female-flower-girl.jpg
[2013/04/13 00:07:01 | 000,044,904 | ---- | C] () -- C:\Users\inas\Desktop\200711041313088358.jpg
[2013/04/13 00:04:31 | 000,007,107 | ---- | C] () -- C:\Users\inas\Desktop\images.jpg
[2013/04/11 21:47:58 | 005,928,332 | ---- | C] () -- C:\Users\inas\Desktop\npp.6.3.Installer.exe
[2013/04/03 13:47:06 | 000,006,399 | ---- | C] () -- C:\Users\inas\Desktop\chetouki-inass.zip
[2013/04/02 22:08:43 | 000,173,345 | ---- | C] () -- C:\Users\inas\Desktop\Happy-Birthday-31.jpg
[2013/04/01 20:25:22 | 000,049,545 | ---- | C] () -- C:\Users\inas\Desktop\caribbean.jpg
[2013/04/01 20:22:35 | 000,133,014 | ---- | C] () -- C:\Users\inas\Desktop\pic3.jpg
[2013/04/01 20:22:05 | 000,104,692 | ---- | C] () -- C:\Users\inas\Desktop\pic2.jpg
[2013/04/01 20:16:48 | 000,056,699 | ---- | C] () -- C:\Users\inas\Desktop\SakuraBlossomTree1.jpg
[2012/03/25 21:20:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/25 21:20:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/25 21:19:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/25 21:18:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/24 23:24:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/03/24 17:24:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/24 06:36:56 | 000,909,718 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2012/03/24 06:36:56 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2012/03/24 06:36:56 | 000,220,948 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2012/03/24 06:36:56 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2012/03/24 00:33:03 | 000,000,552 | ---- | C] () -- C:\Users\inas\AppData\Local\d3d8caps.dat
[2012/03/23 23:37:10 | 000,010,752 | ---- | C] () -- C:\Users\inas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 23:35:13 | 000,001,356 | ---- | C] () -- C:\Users\inas\AppData\Local\d3d9caps.dat
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 12:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
Invalid Environment Variable: alluserprofile
Invalid Environment Variable: alluserprofile

[color=#A23BEC]< %appdata%\*. >[/color]
[2013/04/20 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Adobe
[2012/11/04 13:03:30 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/16 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Dev-Cpp
[2013/01/31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Downloaded Installations
[2013/04/12 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\DVDVideoSoft
[2012/07/27 01:42:54 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/01/31 17:46:09 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\FileOpen
[2012/03/23 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Identities
[2012/09/25 10:45:05 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Leadertech
[2013/03/11 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Macromedia
[2013/04/17 14:00:05 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Macrovision
[2013/04/22 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Malwarebytes
[2013/02/22 21:13:58 | 000,000,000 | --SD | M] -- C:\Users\inas\AppData\Roaming\Microsoft
[2012/04/20 22:58:36 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Microsoft Corporation
[2012/03/24 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Mozilla
[2013/01/31 17:47:34 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Nitro
[2012/10/19 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Nitro PDF
[2012/10/19 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\OpenCandy
[2012/11/23 11:31:21 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Skype
[2012/03/24 23:25:08 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\Talkback
[2012/04/23 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\inas\AppData\Roaming\WinRAR

[color=#A23BEC]< %appdata%\*.exe /s >[/color]
[2012/11/04 13:02:46 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\inas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[color=#A23BEC]< %systemdrive%\*. >[/color]
[2012/03/23 23:35:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012/03/27 10:23:16 | 000,000,000 | ---D | M] -- C:\79fa3076783ef3f3272a
[2012/05/11 18:36:24 | 000,000,000 | ---D | M] -- C:\7a5bd4bca1c7578baa939f
[2009/02/21 20:59:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa
[2013/04/22 16:05:16 | 000,000,000 | RHSD | M] -- C:\Autorun.inf
[2012/03/20 16:39:38 | 000,000,000 | ---D | M] -- C:\b909cd39269a428811cb
[2012/04/24 19:07:10 | 000,000,000 | -HSD | M] -- C:\boot
[2013/04/20 00:35:59 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006/11/02 13:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/03/23 08:18:11 | 000,000,000 | ---D | M] -- C:\drivers
[2009/02/21 21:01:25 | 000,000,000 | ---D | M] -- C:\HP
[2012/12/24 22:38:18 | 000,000,000 | ---D | M] -- C:\inetpub
[2009/08/27 15:36:33 | 000,000,000 | ---D | M] -- C:\logs
[2010/03/10 15:57:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/09/11 02:43:44 | 000,000,000 | ---D | M] -- C:\My Music
[2009/09/28 14:03:31 | 000,000,000 | ---D | M] -- C:\peanut
[2008/01/21 02:33:10 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/03/25 19:28:43 | 000,000,000 | ---D | M] -- C:\PFiles
[2013/04/22 16:15:01 | 000,000,000 | ---D | M] -- C:\Program Files
[2013/04/22 16:15:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/08/20 22:48:26 | 000,000,000 | ---D | M] -- C:\Sun
[2009/04/22 18:01:34 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012/11/04 13:31:01 | 000,000,000 | ---D | M] -- C:\sys
[2013/04/22 18:47:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/02/21 21:01:59 | 000,000,000 | ---D | M] -- C:\System.sav
[2013/04/22 16:04:59 | 000,000,000 | ---D | M] -- C:\UsbFix
[2012/03/23 23:35:09 | 000,000,000 | ---D | M] -- C:\Users
[2013/03/22 07:29:06 | 000,000,000 | ---D | M] -- C:\Windows
[2012/03/24 06:18:49 | 000,000,000 | ---D | M] -- C:\Windows.old

[color=#A23BEC]< %systemdrive%\*.exe >[/color]

[color=#A23BEC]< %programfiles%\*. >[/color]
[2013/04/20 00:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/11/04 13:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Download Assistant
[2013/03/11 14:57:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/07/12 12:34:25 | 000,000,000 | ---D | M] -- C:\Program Files\Dev-Cpp
[2012/10/19 22:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2012/05/19 11:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2012/03/23 23:30:34 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2012/03/25 20:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2012/03/25 20:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\IIS
[2012/05/19 10:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\iLivid
[2012/11/22 11:34:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2013/04/12 13:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/25 10:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2013/03/11 14:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2013/04/22 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/15 00:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2012/06/21 10:19:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2013/04/12 22:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2012/03/25 20:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET
[2012/09/25 13:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/03/25 20:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft F#
[2012/03/25 20:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Help Viewer
[2013/04/12 22:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/25 19:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Product Key Finder
[2012/05/11 18:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2013/02/27 17:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2013/03/16 20:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2013/04/12 22:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2012/03/25 21:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/25 13:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2012/03/25 21:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2012/06/10 12:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/05/19 12:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012/06/10 11:56:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/09/26 20:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/06/12 11:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2013/04/12 22:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/10/30 20:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Modem HDM EC156
[2012/04/24 18:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2013/04/17 17:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2013/04/18 10:53:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/10 12:02:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2013/01/31 17:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro
[2012/10/19 22:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2012/11/22 11:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Offline Course Player
[2012/11/04 13:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshine
[2012/05/23 19:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Recover Keys
[2006/11/02 12:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2013/04/11 22:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\SAP BusinessObjects
[2012/11/23 10:31:04 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/03/25 12:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/11/02 13:01:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/04/24 18:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2012/04/24 18:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/09 21:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/06/21 10:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/06/21 00:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2012/03/23 23:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2012/06/21 00:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/04/24 18:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/06/04 17:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007/05/17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/21 02:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/21 02:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NVRD32.SYS >[/color]
[2007/10/31 10:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\drivers\nvrd32.sys
[2007/10/31 10:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvrd32.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/21 02:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
