otl.txt

Cliquez pour partager vos propres fichiers

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 30/12/2014 12:47:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,18% Memory free
2,58 Gb Paging File | 2,22 Gb Available in Paging File | 85,75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 13,78 Gb Free Space | 24,67% Space Free | Partition Type: NTFS

Computer Name: SR-632D59112910 | User Name: Administrateur | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/12/30 12:32:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL (1).exe
PRC - [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/11/25 07:39:24 | 009,009,480 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 07:39:17 | 001,677,128 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2009/02/27 15:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/04/14 03:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/12/10 16:04:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 19:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/23 08:15:08 | 000,172,192 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/12/21 15:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009/09/19 08:36:04 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/05/21 13:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 12:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/05/21 12:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/01/24 18:49:28 | 000,912,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Moon Secure Antivirus\msavcore.exe -- (msav)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca1528av.sys -- (Ca1528av)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk1528.sys -- (Bulk1528)
DRV - [2014/12/30 12:15:19 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2014/12/01 12:53:09 | 000,770,784 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/10/17 16:32:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/01/07 13:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2007/03/16 17:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/12/15 09:27:52 | 000,034,639 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/23 16:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.01net.com/telecharger/ [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-838170752-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1407
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/08 05:14:56 | 000,000,000 | ---D | M]

[2009/04/24 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2014/12/15 11:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\extensions
[2010/05/02 06:11:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/07 10:40:39 | 000,002,649 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\searchplugins\bing.xml
[2010/01/10 08:39:53 | 000,003,707 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qya8jmwo.default\searchplugins\Wibeez.xml
[2013/08/26 07:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: MicrosoftÂ® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: MicrosoftÂ® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/04/02 10:09:44 | 000,000,824 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-838170752-682003330-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1482476501-838170752-682003330-500..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1482476501-838170752-682003330-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-838170752-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237217129391 (WUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77153EF5-8B88-45B2-BBF0-FB21BEC9643D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/13 14:01:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: LanmanServer - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Netlogon - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanServer - File not found
SafeBootNet: LanmanWorkstation - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - Service
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - Service
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {48529E3B-643E-FAAF-F81A-6CFB32791A0C} - Rendu VML (Vector Graphics Rendering)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B29AF872-F689-8242-8789-0E69A99E5DB1} - Microsoft Windows Media Player 6.4
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{DA74DE13-84ED-4456-96DE-95872C5E37C2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/12/30 12:32:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL (1).exe
[2014/12/24 11:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2014/12/16 17:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nouveau dossier (2)
[2014/12/16 17:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\windirstat
[2014/12/16 10:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/12/16 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Auslogics
[2014/12/16 10:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/12/16 10:03:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2014/12/15 15:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/12/15 11:31:58 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/12/15 11:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware
[2014/12/15 11:31:23 | 000,054,360 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/12/15 11:31:23 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/12/15 11:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/12/15 11:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/12/15 11:10:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/15 11:08:32 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-2.0.4.1028.exe
[2014/12/15 11:03:32 | 001,707,646 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrateur\Bureau\JRT.exe
[2014/12/12 15:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
[2014/12/12 15:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2014/12/12 15:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\ZHP
[2014/12/11 03:31:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/24 11:56:01 | 013,253,128 | ---- | C] (Trieu Tran Duc ) -- C:\Program Files\moon-secure-antivirus_moon_secure_antivirus_1.0.0_anglais_72252.exe
[2 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/12/30 12:32:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL (1).exe
[2014/12/30 12:15:19 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/12/30 12:10:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/30 12:10:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/24 11:16:40 | 015,298,136 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\RogueKiller.exe
[2014/12/24 10:57:03 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/24 10:57:03 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
[2014/12/24 10:57:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/12/24 10:33:42 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500UA.job
[2014/12/24 10:12:53 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55470357-6182-4CF1-AE7D-DD802BA25154}.job
[2014/12/22 11:40:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\{6099CB98-79EF-4B2B-A027-FB5537C9AE4B}
[2014/12/22 11:37:48 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/16 16:43:10 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/16 10:42:20 | 000,000,120 | ---- | M] () -- C:\Documents
[2014/12/16 10:09:12 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Google Chrome.lnk
[2014/12/16 10:09:03 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Auslogics DiskDefrag.lnk
[2014/12/16 10:06:00 | 000,772,722 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\cc_20141216_100457.reg
[2014/12/16 09:59:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2014/12/15 14:44:58 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/12/15 11:31:34 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014/12/15 11:05:28 | 020,447,072 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-2.0.4.1028.exe
[2014/12/15 11:00:16 | 001,707,646 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrateur\Bureau\JRT.exe
[2014/12/15 10:58:54 | 002,166,272 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner_4.105.exe
[2014/12/12 15:45:06 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2014/12/12 15:36:02 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPFix.lnk
[2014/12/12 15:36:02 | 000,001,523 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag.lnk
[2014/12/11 09:59:30 | 000,504,434 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2014/12/11 09:59:30 | 000,436,134 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/12/11 09:59:30 | 000,082,364 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2014/12/11 09:59:30 | 000,069,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/12/11 03:04:19 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/12/11 02:27:01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500Core.job
[2014/12/10 16:04:33 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/12/10 16:04:33 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/12/10 08:58:43 | 000,050,451 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2014/12/09 18:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/12/08 17:16:03 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
[2014/12/01 12:53:09 | 000,770,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/12/01 12:53:09 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/12/24 11:18:07 | 000,035,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/12/24 11:17:52 | 015,298,136 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\RogueKiller.exe
[2014/12/22 11:40:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\{6099CB98-79EF-4B2B-A027-FB5537C9AE4B}
[2014/12/16 10:09:03 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Auslogics DiskDefrag.lnk
[2014/12/16 10:05:03 | 000,772,722 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\cc_20141216_100457.reg
[2014/12/16 09:59:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2014/12/15 11:31:34 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2014/12/15 11:03:32 | 002,166,272 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner_4.105.exe
[2014/12/12 15:45:06 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2014/12/12 15:38:05 | 000,000,120 | ---- | C] () -- C:\Documents
[2014/12/12 15:36:02 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPFix.lnk
[2014/12/12 15:36:02 | 000,001,523 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag.lnk
[2014/12/01 12:53:09 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2014/07/23 17:20:13 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2014/06/10 16:36:38 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2014/04/23 10:05:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2014/04/17 08:27:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2014/03/26 12:10:36 | 000,000,916 | RHS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.pol
[2014/03/22 09:24:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:40 | 000,000,046 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,042 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,034 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.iniCorelPP.ini
[2014/03/22 09:24:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CorelPP.iniCorelPP.ini
[2014/03/22 09:24:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CorelPP.ini
[2014/03/22 09:04:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2014/02/04 05:46:02 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\WB.CFG
[2014/02/01 07:18:48 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2013/12/12 15:05:09 | 000,000,089 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2013/12/12 15:05:08 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\FTDIUNIN.exe
[2013/08/13 07:00:36 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc
[2013/03/08 05:15:48 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/08 05:15:47 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2011/10/15 07:27:32 | 002,288,366 | ---- | C] () -- C:\Program Files\FTPExpert2.rar
[2010/05/03 19:41:58 | 000,020,607 | ---- | C] () -- C:\Program Files\Illustrator CS3 Read Me.html
[2010/04/28 05:43:32 | 000,000,066 | ---- | C] () -- C:\Program Files\TETE20100427.ram
[2010/03/21 10:24:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PUTTY.RND
[2010/01/29 08:42:52 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/13 15:24:06 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/08/13 15:24:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Application Support

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/12/23 15:39:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014/12/10 08:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2014/10/24 08:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\eMule
[2014/12/16 10:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FileZilla
[2010/01/10 08:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Icones
[2011/09/15 05:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
[2009/08/13 15:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Nikon
[2013/10/22 06:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Notepad++
[2009/08/13 10:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
[2013/05/15 12:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PDF Architect
[2014/12/16 10:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeamViewer
[2009/03/17 10:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2009/08/14 19:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
[2010/03/08 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\X-Chat 2
[2014/12/16 10:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ZHP
[2013/08/03 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/12/16 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2011/02/25 07:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/07 15:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/13 08:13:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/08/13 15:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2013/01/10 07:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2014/02/24 07:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2014/12/24 11:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2013/08/26 07:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/08/13 15:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2013/01/10 07:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
[2013/01/10 07:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: AFD.SYS >[/color]
[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/05 11:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2004/08/05 11:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2004/08/05 11:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/14 03:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/14 03:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2004/08/05 11:00:00 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

[color=#A23BEC]< MD5 for: IPSEC.SYS >[/color]
[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/05 11:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

[color=#A23BEC]< MD5 for: LSASS.EXE >[/color]
[2008/04/14 03:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 03:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\system32\lsass.exe
[2004/08/05 11:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=9F3744A5C6F49291A7A685040A013399 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

[color=#A23BEC]< MD5 for: NETBT.SYS >[/color]
[2004/08/05 11:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

[color=#A23BEC]< MD5 for: REDBOOK.SYS >[/color]
[2004/08/05 11:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2009/03/16 17:05:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2004/08/04 01:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
[2008/04/14 02:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/14 02:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2004/08/05 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

[color=#A23BEC]< MD5 for: TCPIP.SYS >[/color]
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/05 11:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/05 11:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2004/08/05 11:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=313B1A0D5DB26DFE1C34A6C13B2CE0A7 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/14 02:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/14 02:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2004/08/05 11:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2011/12/26 17:50:55 | 012,090,936 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Application Data\Google\Google Pinyin 2\pinyin-2.6.18.100\GooglePinyinInstaller.exe
[2011/12/19 06:14:38 | 002,763,832 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Application Data\Google\Google Pinyin 2\pinyin-2.6.18.99\GooglePinyinUpdater.exe
[2009/09/01 16:16:46 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\*.* >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009/02/13 14:01:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/13 13:54:57 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2004/08/05 11:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009/02/13 14:01:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/16 07:27:49 | 000,113,120 | ---- | M] () -- C:\Denis Papin_fin_1510.rtf
[2014/12/16 10:42:20 | 000,000,120 | ---- | M] () -- C:\Documents
[2011/07/27 06:57:38 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
[2009/09/30 04:48:20 | 025,116,170 | ---- | M] () -- C:\IMGP2299.MOV
[2009/02/13 14:01:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/13 14:01:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/05 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/16 17:10:10 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2014/12/30 12:10:09 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2014/12/12 15:45:06 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2011/02/24 10:04:00 | 000,023,676 | ---- | M] () -- C:\PRO_LIA-954-09-17-10logo-chinefrance reenreg.eps
[2011/02/24 15:12:19 | 000,044,492 | ---- | M] () -- C:\PRO_LIA-954-09-17-10logo-chinefrancereenr.pdf
[2013/02/01 08:32:17 | 164,909,468 | ---- | M] () -- C:\serveur.sql
[2011/03/19 22:17:03 | 000,004,608 | -HS- | M] () -- C:\Thumbs.db
[2011/01/22 15:31:06 | 063,102,184 | ---- | M] () -- C:\Unknown artist - Untitled.AVI
[2009/09/01 16:12:51 | 000,006,099 | ---- | M] () -- C:\WirelessDiagLog.csv

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2011/10/15 07:27:35 | 002,288,366 | ---- | M] () -- C:\Program Files\FTPExpert2.rar
[2007/03/13 23:46:08 | 000,020,607 | ---- | M] () -- C:\Program Files\Illustrator CS3 Read Me.html
[2009/04/24 11:56:05 | 013,253,128 | ---- | M] (Trieu Tran Duc ) -- C:\Program Files\moon-secure-antivirus_moon_secure_antivirus_1.0.0_anglais_72252.exe
[2010/04/28 05:43:32 | 000,000,066 | ---- | M] () -- C:\Program Files\TETE20100427.ram

[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.* >[/color]
[2007/08/13 18:54:10 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\custsat.dll
[2009/03/08 03:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\hmmapi.dll
[2009/01/11 20:05:26 | 000,002,649 | ---- | M] () -- C:\Program Files\Internet Explorer\ie8props.propdesc
[2009/03/08 03:35:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iecompat.dll
[2014/03/06 18:58:52 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2007/08/13 18:44:02 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedw.exe
[2014/03/06 18:58:52 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2009/03/08 13:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:16:46 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2014/03/06 18:58:52 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
[2014/03/06 18:58:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\xpshims.dll

[color=#A23BEC]< %USERPROFILE%\*.* >[/color]
[2014/12/30 12:08:53 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
[2014/12/30 12:49:44 | 000,544,768 | -H-- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
[2014/12/30 12:08:54 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2014/04/25 08:58:01 | 000,000,916 | RHS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.pol
[2009/09/01 16:14:11 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\Administrateur\titi.txt
[2009/09/01 12:21:56 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\Administrateur\toto.txt

[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]

[color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.exe >[/color]

[color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.dll >[/color]
[2010/12/09 16:15:19 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\dllnt_dump.dll
[28 C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp -> ]

[color=#A23BEC]< %USERPROFILE%\Application Data\*.exe >[/color]

[color=#A23BEC]< %systemroot%\system32\DBBK\*.* /s >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.* >[/color]
[2014/12/16 09:59:49 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat
[2014/12/16 09:59:49 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\*.exe /90 >[/color]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /90 >[/color]
[2014/11/18 14:56:48 | 001,202,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\FM20.DLL

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2014/12/01 12:53:09 | 000,770,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2014/11/21 06:14:14 | 000,054,360 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys
[2014/12/15 14:44:58 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
[2014/12/30 12:15:19 | 000,035,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

[color=#A23BEC]< %systemroot%\system32\*.exe /90 >[/color]
[2014/12/10 16:04:33 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2014/12/11 03:08:43 | 109,818,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe

[color=#A23BEC]< %systemroot%\system32\config\*.sav >[/color]
[2009/02/13 14:46:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/13 14:46:31 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/13 14:46:30 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
[2001/04/19 06:00:00 | 000,008,176 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD36.DLL
[2008/10/09 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD99.DLL
[2001/04/19 06:00:00 | 000,028,928 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP36.DLL
[2008/10/09 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP99.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]
[2012/04/14 05:27:55 | 003,186,688 | ---- | M] () MD5=47B341F0931D6D11364145FFC6BBB1E7 -- C:\WINDOWS\assembly\tmp\09HOV2AH\System.dll
[2013/01/10 05:47:36 | 000,348,160 | ---- | M] () MD5=996AAEEC01C734347DE8A72542FD1C12 -- C:\WINDOWS\assembly\tmp\3ENV4DMV\Microsoft.Build.Engine.dll
[2013/02/15 06:27:58 | 002,933,248 | ---- | M] () MD5=16F96C1496CBD0965285AB19A9271D02 -- C:\WINDOWS\assembly\tmp\4FNW4DMU\System.Data.dll
[2013/01/10 05:47:03 | 000,659,456 | ---- | M] () MD5=EFC806A1C4C6CE9F69AECE0AB72C1E34 -- C:\WINDOWS\assembly\tmp\7IRZ8GPX\Microsoft.VisualBasic.dll
[2011/08/12 05:23:38 | 000,258,048 | ---- | M] () MD5=0DFCD96DED6DB52064203C07B927357E -- C:\WINDOWS\assembly\tmp\X7ELT07E\System.Security.dll
[2011/04/14 02:12:24 | 000,188,416 | ---- | M] () MD5=F0D4CE77F1F9D9A7468335B1CE4C061B -- C:\WINDOWS\assembly\tmp\Z8GNU07F\System.DirectoryServices.Protocols.dll

[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.* /S /MD5 >[/color]
[2014/02/14 03:34:07 | 000,069,120 | ---- | M] () MD5=DC426A365577F27187F99EB506ECD5D1 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2014/02/14 03:34:15 | 000,072,192 | ---- | M] () MD5=29B35A999E341A37BE67771BE01CC275 -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2012/07/12 05:57:26 | 000,117,160 | ---- | M] () MD5=569124F95660007F8C470D00A96CBD7D -- C:\WINDOWS\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
[2009/12/27 03:06:49 | 000,163,840 | ---- | M] () MD5=36BDD82A92AA704034475C2DEF7FBD29 -- C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2011/01/06 05:13:00 | 000,367,400 | ---- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 -- C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2014/02/14 03:34:30 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2014/02/14 03:34:30 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2014/02/14 03:34:30 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2014/02/14 03:34:30 | 004,550,656 | ---- | M] () MD5=09ACF833CA462CCE1B3F335DA8584BD8 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2014/02/14 03:34:30 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2014/02/14 03:34:30 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2014/02/14 03:34:30 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2014/02/14 03:34:30 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2014/02/14 03:34:30 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2014/02/14 03:34:30 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2014/02/14 03:34:30 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2014/02/14 03:34:30 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2014/02/14 03:34:30 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2014/02/14 03:34:30 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2013/07/11 05:01:28 | 004,214,784 | ---- | M] () MD5=F2E812E2DE09ACB08120D4280EFAB765 -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2014/02/14 03:34:33 | 000,486,400 | ---- | M] () MD5=759FD3779911F89C450CCAE06B92AE3A -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2014/02/14 03:34:34 | 002,933,248 | ---- | M] () MD5=16F96C1496CBD0965285AB19A9271D02 -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2014/02/14 03:34:10 | 000,258,048 | ---- | M] () MD5=9631B15DB7C43C267636FF43C3075E07 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2014/02/14 03:34:10 | 000,113,664 | ---- | M] () MD5=E786C33D35D39C5CCB523AECC18D7BD7 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2013/07/11 05:01:34 | 000,368,640 | ---- | M] () MD5=1BC9A94494AB1E26E1A72A4C3227EB95 -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2014/02/14 03:34:19 | 000,261,632 | ---- | M] () MD5=F054572A92573CA32D5F3AA8C15D2BAC -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2014/02/14 03:33:35 | 005,279,744 | ---- | M] () MD5=7D8495351F970C304BB71DF0458885B9 -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.* /S /MD5 >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >[/color]

[color=#A23BEC]< %windir%\temp*.* >[/color]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#A23BEC]< "%WinDir%\$NtUninstallKB*$." /30 >[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color]
"DefaultConnectionSettings" = 46 00 00 00 F3 0C 00 00 09 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 05 00 00 00 00 00 00 00 40 BB 14 5B 50 18 D0 01 01 00 00 00 C0 A8 00 9D 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 80 02 00 00 00 00 00 00 00 02 00 00 01 00 00 00 80 02 00 00 01 00 00 00 00 02 00 00 02 00 00 00 80 02 00 00 02 00 00 00 00 02 00 00 03 00 00 00 65 00 3B 00 65 00 6E 00 64 00 73 00 74 00 72 00 75 00 63 00 74 00 3B 00 75 00 69 00 6E 00 74 00 20 00 43 00 68 00 61 00 02 00 00 00 C0 A8 00 0B 00 00 00 00 00 00 00 00 64 00 6C 00 65 00 20 00 68 00 49 00 74 00 65 00 6D 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4E 00 65 00 77 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4F 00 6C 00 64 00 3B 00 6C 00 70 00 61 00 72 00 61 00 6D 00 20 00 6C 00 50 00 61 00 72 00 61 00 6D 00 3B 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 F8 45 00 00 09 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 05 00 00 00 00 00 00 00 40 BB 14 5B 50 18 D0 01 01 00 00 00 C0 A8 00 9D 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 80 02 00 00 00 00 00 00 00 02 00 00 01 00 00 00 80 02 00 00 01 00 00 00 00 02 00 00 02 00 00 00 80 02 00 00 02 00 00 00 00 02 00 00 03 00 00 00 65 00 3B 00 65 00 6E 00 64 00 73 00 74 00 72 00 75 00 63 00 74 00 3B 00 75 00 69 00 6E 00 74 00 20 00 43 00 68 00 61 00 02 00 00 00 C0 A8 00 0B 00 00 00 00 00 00 00 00 64 00 6C 00 65 00 20 00 68 00 49 00 74 00 65 00 6D 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4E 00 65 00 77 00 3B 00 75 00 69 00 6E 00 74 00 20 00 53 00 74 00 61 00 74 00 65 00 4F 00 6C 00 64 00 3B 00 6C 00 70 00 61 00 72 00 61 00 6D 00 20 00 6C 00 50 00 61 00 72 00 61 00 6D 00 3B 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-12-11 02:41:15

[color=#A23BEC]< C:\Program Files\Common Files\ComObjects\*.* / >[/color]
Invalid Switch:

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2012/08/21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
[2012/08/21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
[2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\AcrobatUpdater.exe
[2012/01/03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\AdobeARM.exe
[2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\AdobeARMHelper.exe
[2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\12683\ReaderUpdater.exe
[2012/09/24 05:10:21 | 037,854,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\AdbeRdr11000_fr_FR.exe
[2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\AcrobatUpdater.exe
[2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\AdobeARM.exe
[2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\AdobeARMHelper.exe
[2012/12/03 08:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\11190\ReaderUpdater.exe
[2012/01/03 18:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-A95000000001}\Setup.exe
[2012/09/24 04:48:35 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AB0000000001}\setup.exe
[2013/08/03 15:16:08 | 000,077,136 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
[2008/11/11 18:32:32 | 000,079,184 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe

[color=#A23BEC]< >[/color]
[2009/02/13 13:58:39 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/13 14:06:05 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/31 10:58:56 | 000,000,450 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55470357-6182-4CF1-AE7D-DD802BA25154}.job
[2009/10/04 09:45:03 | 000,000,178 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2010/10/24 08:22:58 | 000,001,052 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/10/24 08:22:59 | 000,001,056 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011/02/14 18:28:35 | 000,001,132 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500Core.job
[2011/02/14 18:28:36 | 000,001,184 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-838170752-682003330-500UA.job
[2012/07/08 21:08:13 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/15 09:32:31 | 000,001,002 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013/04/11 03:46:47 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2014/03/22 09:28:40 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
[2014/03/22 09:28:41 | 000,000,240 | ---- | C] () -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job

< End of report >

Signaler le contenu de ce document