OTL logfile created on: 28/10/2012 17:50:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
1023,48 Mb Total Physical Memory | 538,80 Mb Available Physical Memory | 52,64% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63,99 Gb Total Space | 29,68 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive D: | 73,26 Gb Total Space | 52,24 Gb Free Space | 71,32% Space Free | Partition Type: NTFS
Computer Name: WINDOWS-16F9BB1 | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
PRC - C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules)
PRC - C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\KHALMNPR.exe (Logitech Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Alwil Software\Avast5\defs\12102800\algo.dll ()
MOD - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\DiskMap.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\WebUI.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\sqlite3.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\Scan.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\NtfsData.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtWebKit4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtXml4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\phonon4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtGui4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtCore4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtNetwork4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qtiff4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qmng4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qjpeg4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qico4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qgif4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\libgcc_s_dw2-1.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\mingwm10.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
MOD - C:\Program Files\Belgium Identity Card\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Belgium Identity Card\QtGui4.dll ()
MOD - C:\Program Files\Belgium Identity Card\QtCore4.dll ()
MOD - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
========== Services (SafeList) ==========
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PdiService) -- C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (DTSRVC) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz132) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (EMVSCARD) -- C:\WINDOWS\system32\drivers\EMVSCARD.sys (USB Smart Card Reader)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvcchflt) -- C:\WINDOWS\system32\drivers\nvcchflt.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\rt2500.sys (Ralink Technology Inc.)
DRV - (nvcap) -- C:\WINDOWS\system32\drivers\NVCAP.SYS (NVIDIA Corporation)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS (NVIDIA Corporation)
DRV - (PPortJoystick) -- C:\WINDOWS\system32\drivers\PPortJoy.sys (Deon van der Westhuysen)
DRV - (PPJoyBus) -- C:\WINDOWS\system32\drivers\PPJoyBus.sys (Deon van der Westhuysen)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKLM\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\.DEFAULT\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-18\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-20\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/?new_lang=fr
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2010/03/11 15:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/03/11 15:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\maxtv4@labs.max-tv.be
[2010/01/03 16:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/13 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: ClipConverter = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp\1.2.5_0\
CHR - Extension: ClipConverter = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp\1.2.6_0\
O1 HOSTS File: ([2011/09/12 22:11:30 | 000,437,564 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 15050 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Fichiers communs\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [ElbyCheckElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [WahOO] C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-299502267-1592454029-839522115-500\..Trusted Domains: localhost ([]http in Sites de confiance)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://belgacom.extrafilm.be/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} http://belgacom.smartphoto.be/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{512C9159-9CA2-4FBE-BCD5-AAE41F59520A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 13:01:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()
========== Files/Folders - Created Within 30 Days ==========
[2012/10/28 17:44:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2012/10/28 17:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2012/10/27 19:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com
[2012/10/20 23:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/20 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PowerQuest PartitionMagic 8.0
[2012/10/20 22:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2012/10/20 22:10:14 | 000,000,000 | ---D | C] -- C:\Temp program
[2012/10/18 11:42:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/18 11:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/10/17 22:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\PriceGong
[2012/10/17 22:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/10/17 22:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
[2012/10/17 22:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
[2012/10/17 22:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2012/10/17 14:20:43 | 000,216,320 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25009x.sys
[2012/10/17 14:20:43 | 000,214,912 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500.sys
[2012/10/17 14:20:43 | 000,143,360 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25u98.sys
[2012/10/17 14:20:43 | 000,140,416 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2012/10/17 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
[2012/10/17 10:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
[2012/10/17 10:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wipe 2012
[2012/10/17 10:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/10/16 23:43:32 | 000,062,009 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\wpfb_nv4_disp.dll
[2012/10/16 23:32:11 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/10/16 23:30:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/10/16 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2012/10/16 23:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2012/10/16 21:52:34 | 000,180,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2012/10/16 21:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Help
[2012/10/16 17:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}
[2012/10/16 17:51:12 | 000,289,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoins.dll
[2012/10/16 17:51:12 | 000,033,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVCOI.DLL
[2012/10/16 17:51:11 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuide.exe
[2012/10/16 17:50:44 | 000,101,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtcp.sys
[2012/10/16 17:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\NVIDIA Corporation
[2012/10/16 17:39:12 | 000,100,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVTCP.SYS
[2012/10/16 17:37:53 | 000,466,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\CapabilityTable.exe
[2012/10/16 17:37:45 | 000,300,032 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoi.dll
[2012/10/16 17:37:45 | 000,092,800 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvata.sys
[2012/10/16 17:37:06 | 000,201,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1ins.dll
[2012/10/16 17:37:05 | 000,201,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1.dll
[2012/10/16 17:37:05 | 000,033,536 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENETFD.sys
[2012/10/16 17:37:03 | 000,208,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvsnpu.sys
[2012/10/16 17:37:03 | 000,032,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvconrm.dll
[2012/10/16 17:37:03 | 000,009,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1ins.dll
[2012/10/16 17:37:03 | 000,009,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1.dll
[2012/10/16 17:37:02 | 000,261,888 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnrm.sys
[2012/10/16 17:37:02 | 000,012,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnetbus.sys
[2012/10/16 17:30:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/10/16 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIGABYTE
[2012/10/15 22:56:56 | 000,000,000 | ---D | C] -- C:\logs
[2012/10/15 17:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Gigabyte
[2012/10/15 10:56:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/02 22:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/19 23:14:13 | 000,028,800 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\PPortJoy.sys
[2011/08/19 23:14:13 | 000,013,952 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\PPJoyBus.sys
[2011/08/19 23:14:13 | 000,005,632 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\W98Ports.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/28 17:52:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/10/28 17:47:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 17:40:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2012/10/28 17:40:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/28 17:38:23 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/28 17:37:58 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 17:37:58 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/10/28 17:37:56 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/28 15:59:58 | 000,481,740 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/10/28 15:59:58 | 000,414,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 15:59:58 | 000,073,450 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/10/28 15:59:58 | 000,061,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/27 20:38:59 | 000,020,146 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Fenêtre intempestive.jpg
[2012/10/27 20:32:29 | 000,655,498 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\CaptureScreen.zip
[2012/10/27 19:14:17 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Démarrer la détection.lnk
[2012/10/22 09:35:10 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/20 23:17:22 | 000,000,298 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012/10/18 11:43:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/18 11:42:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/10/17 22:12:23 | 000,047,614 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\save easy cleaner.htm
[2012/10/17 14:20:43 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\WiFi Station.lnk
[2012/10/17 14:20:41 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
[2012/10/17 10:57:31 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Wipe 2012.lnk
[2012/10/16 23:43:39 | 000,062,009 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\wpfb_nv4_disp.dll
[2012/10/16 17:39:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/10/16 17:39:26 | 000,000,025 | ---- | M] () -- C:\WINDOWS\Nomdefichier
[2012/10/16 17:14:42 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2012/10/16 10:45:50 | 000,000,212 | -H-- | M] () -- C:\boot.ini
[2012/10/15 23:24:30 | 000,002,597 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Feneris Video Downloader.lnk
[2012/10/09 10:40:28 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 10:40:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/02 22:08:44 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/28 17:52:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/10/27 20:38:59 | 000,020,146 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Fenêtre intempestive.jpg
[2012/10/27 20:32:24 | 000,655,498 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\CaptureScreen.zip
[2012/10/27 19:14:17 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Démarrer la détection.lnk
[2012/10/17 22:12:23 | 000,047,614 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\save easy cleaner.htm
[2012/10/17 14:20:43 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\WiFi Station.lnk
[2012/10/17 14:20:41 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
[2012/10/17 10:57:31 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Wipe 2012.lnk
[2012/10/17 10:22:19 | 000,039,291 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2012/10/16 21:52:34 | 000,015,868 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/10/16 17:51:11 | 000,001,537 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2012/10/16 17:39:38 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/10/16 17:39:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Nomdefichier
[2012/10/02 22:08:44 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/05/31 16:29:51 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/05/31 16:29:45 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012/05/31 16:29:43 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/10/15 10:49:17 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/10/10 22:12:53 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\DriveCalculator Preferences
[2011/08/19 23:14:13 | 000,258,048 | ---- | C] () -- C:\Program Files\PPortJoy.cpl
[2011/08/19 23:14:13 | 000,245,760 | ---- | C] () -- C:\Program Files\PPJoyKey.exe
[2011/08/19 23:14:13 | 000,176,128 | ---- | C] () -- C:\Program Files\PPJoyCom.exe
[2011/08/19 23:14:13 | 000,163,840 | ---- | C] () -- C:\Program Files\PPJoyDLL.exe
[2011/08/19 23:14:13 | 000,159,744 | ---- | C] () -- C:\Program Files\PPJoyMouse.exe
[2011/08/19 23:14:13 | 000,003,957 | ---- | C] () -- C:\Program Files\PPortJoy.inf
[2011/08/19 23:14:13 | 000,002,012 | ---- | C] () -- C:\Program Files\PPJoyBus.inf
[2011/08/19 23:14:13 | 000,001,742 | ---- | C] () -- C:\Program Files\W98Ports.inf
[2011/04/17 23:10:12 | 000,000,490 | ---- | C] () -- C:\Program Files\Netlor StudioStyleView.sps
[2011/04/11 21:55:52 | 000,000,474 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/12 21:49:47 | 000,019,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/09 20:59:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/02 23:07:01 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini
[2010/06/06 16:19:27 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\QuickZip45.ini
[2010/05/12 22:16:26 | 003,502,080 | ---- | C] () -- C:\Program Files\FVD.msi
[2010/03/26 23:47:00 | 000,081,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 22:47:58 | 000,000,793 | ---- | C] () -- C:\Program Files\Netlor Studiopreview.html
[2009/10/27 20:11:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/10/24 13:02:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/02/12 22:23:50 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/19 15:09:26 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/19 15:09:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/11/24 18:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\123 Free Solitaire
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2010/09/12 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2011/01/09 21:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Convertisseur PDF
[2011/10/15 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DisplayTune
[2009/10/24 15:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FotoWire
[2012/08/07 13:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\IObit
[2012/10/28 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2010/03/11 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MaxTV Technologies
[2012/10/17 22:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
[2010/03/26 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre
[2012/10/18 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PriceGong
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
[2012/05/09 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SMA
[2012/03/12 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2012/10/28 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
[2010/11/28 15:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/08 18:39:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 20:10:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/06 21:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/03/12 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/10/16 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/10/27 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/06/06 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/05/09 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMA
[2011/01/09 21:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2009/10/27 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 21:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/15 11:13:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s >
"AutoRestartShell" = 1
"DefaultDomainName" = WINDOWS-16F9BB1
"DefaultUserName" = Administrateur
"LegalNoticeCaption" =
"LegalNoticeText" =
"PowerdownAfterShutdown" = 1
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2008/02/13 21:03:25 | 001,411,072 | ---- | M] (Microsoft Corporation)
"ShutdownWithoutLogon" = 1
"System" =
"Userinit" = C:\WINDOWS\system32\userinit.exe,
"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
"SfcQuota" = -1
"SfcDisable" = -99
"allocatecdroms" = 0
"allocatedasd" = 0
"allocatefloppies" = 0
"cachedlogonscount" = 10
"forceunlocklogon" = 0
"passwordexpirywarning" = 14
"scremoveoption" = 0
"AllowMultipleTSSessions" = 1
"KeepRasConnections" = 1
"ShowLogonOptions" = 49
"SlowLinkDetectEnabled" = 0
"AltDefaultUserName" = Administrateur
"UIHost" = logonui.exe -- [2008/02/13 21:03:42 | 006,848,000 | ---- | M] (Microsoft Corporation)
"LogonType" = 1
"Background" = 0 0 0
"DebugServerCommand" = no
"HibernationPreviouslyEnabled" = 1
"WinStationsDisabled" = 0
"AltDefaultDomainName" = WINDOWS-16F9BB1
"AutoAdminLogon" = 0
"AutoLogonCount" = 16775421
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Sans fil
"ProcessGroupPolicy" = ProcessWIRELESSPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2004/08/19 15:09:26 | 000,076,288 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Quota du disque Microsoft
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = dskquota.dll -- [2004/08/19 15:09:24 | 000,093,696 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = Planificateur de paquets QoS
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"" = Scripts
"ProcessGroupPolicy" = ProcessScriptsGroupPolicy
"ProcessGroupPolicyEx" = ProcessScriptsGroupPolicyEx
"GenerateGroupPolicy" = GenerateScriptsGroupPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoSlowLink" = 1
"NoGPOListChanges" = 1
"NotifyLinkTransition" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"" = Internet Explorer Zonemapping
"DllName" = iedkcs32.dll -- [2008/02/12 22:25:52 | 000,388,096 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"NoGPOListChanges" = 1
"RequiresSucessfulRegistry" = 1
"DisplayName" = @iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation)
"" = Security -- [2004/08/19 15:09:40 | 000,005,632 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 960
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"" = Internet Explorer Branding
"DisplayName" = @iedkcs32.dll,-3014
"DllName" = iedkcs32.dll -- [2008/02/12 22:25:52 | 000,388,096 | ---- | M] (Microsoft Corporation)
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"ProcessGroupPolicy" = ProcessGroupPolicy
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessEFSRecoveryGPO
"DllName" = scecli.dll -- [2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation)
"" = EFS recovery
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"" = Installation de logiciel
"DllName" = appmgmts.dll -- [2004/08/19 15:09:20 | 000,176,640 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicyEx" = ProcessGroupPolicyObjectsEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoBackgroundPolicy" = 0
"RequiresSucessfulRegistry" = 0
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"EventSources" = (Application Management,Applicatio [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = Sécurité IP
"ProcessGroupPolicy" = ProcessIPSECPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = crypt32.dll -- [2004/08/19 15:09:22 | 000,604,672 | ---- | M] (Microsoft Corporation)
"Logoff" = ChainWlxLogoffEvent
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = cryptnet.dll -- [2004/08/19 15:09:22 | 000,063,488 | ---- | M] (Microsoft Corporation)
"Logoff" = CryptnetWlxLogoffEvent
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName" = cscdll.dll -- [2004/08/19 15:09:22 | 000,102,912 | ---- | M] (Microsoft Corporation)
"Logon" = WinlogonLogonEvent
"Logoff" = WinlogonLogoffEvent
"ScreenSaver" = WinlogonScreenSaverEvent
"Startup" = WinlogonStartupEvent
"Shutdown" = WinlogonShutdownEvent
"StartShell" = WinlogonStartShellEvent
"Impersonate" = 0
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName" = WlNotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Logon" = SCardStartCertProp
"Logoff" = SCardStopCertProp
"Lock" = SCardSuspendCertProp
"Unlock" = SCardResumeCertProp
"Enabled" = 1
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"StartShell" = SchedStartShell
"Logoff" = SchedEventLogOff
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff" = WLEventLogoff
"Impersonate" = 0
"Asynchronous" = 1
"DllName" = sclgntfy.dll -- [2004/08/19 15:09:40 | 000,022,016 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName" = WlNotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Lock" = SensLockEvent
"Logon" = SensLogonEvent
"Logoff" = SensLogoffEvent
"Safe" = 1
"MaxWait" = 600
"StartScreenSaver" = SensStartScreenSaverEvent
"StopScreenSaver" = SensStopScreenSaverEvent
"Startup" = SensStartupEvent
"Shutdown" = SensShutdownEvent
"StartShell" = SensStartShellEvent
"PostShell" = SensPostShellEvent
"Disconnect" = SensDisconnectEvent
"Reconnect" = SensReconnectEvent
"Unlock" = SensUnlockEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"Logoff" = TSEventLogoff
"Logon" = TSEventLogon
"PostShell" = TSEventPostShell
"Shutdown" = TSEventShutdown
"StartShell" = TSEventStartShell
"Startup" = TSEventStartup
"MaxWait" = 600
"Reconnect" = TSEventReconnect
"Disconnect" = TSEventDisconnect
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName" = wlnotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Logon" = RegisterTicketExpiredNotificationEvent
"Logoff" = UnregisterTicketExpiredNotificationEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant" = 0
"TsInternetUser" = 0
"SQLAgentCmdExec" = 0
"NetShowServices" = 0
"IWAM_" = 65536
"IUSR_" = 65536
"VUSR_" = 65536
"Administrateur" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials]
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >
"" = C:\Program Files\Internet Explorer\iexplore.exe -- [2008/02/12 22:26:00 | 000,625,664 | ---- | M] (Microsoft Corporation)
< %temp%\smtmp\1\*.* /s >
< %temp%\smtmp\2\*.* /s >
< %temp%\smtmp\4\*.* /s >
< nslookup http://www.google.fr /c >
Serveur : UnKnown
Address: 192.168.1.1
Nom : http://WWW.GOOGLE.FR
Address: 173.194.67.94
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %ALLUSERSPROFILE%\Application Data\*. >
[2012/08/29 09:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/28 15:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/22 22:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/03/12 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/08 18:39:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 20:10:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/06 21:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/03/12 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/10/16 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/10/27 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2012/03/08 22:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/19 17:24:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/10/18 11:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/06/06 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/05/09 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMA
[2011/01/09 21:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/06 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/10/27 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 21:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/15 11:13:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012/03/06 10:13:51 | 003,277,857 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
[2012/04/04 12:17:36 | 000,342,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA1000000001}\setup.exe
[2011/03/07 16:21:24 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.1.1\SetupAdmin.exe
[2012/10/18 11:42:19 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
< %APPDATA%\*. >
[2009/11/24 18:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\123 Free Solitaire
[2012/07/02 23:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Adobe
[2009/11/06 12:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ahead
[2011/03/12 21:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
[2010/05/10 22:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ArcSoft
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2010/09/12 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2011/01/09 21:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Convertisseur PDF
[2011/10/15 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DisplayTune
[2010/11/24 17:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\dvdcss
[2010/03/16 23:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FastStone
[2009/10/24 15:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FotoWire
[2009/11/15 11:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Google
[2012/10/16 21:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Help
[2009/10/24 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Identities
[2012/10/16 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2012/08/07 13:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\IObit
[2012/10/28 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2009/10/24 14:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Logitech
[2012/10/17 11:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2012/03/08 22:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/03/11 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MaxTV Technologies
[2012/07/02 23:28:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft
[2009/10/26 21:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft Web Folders
[2010/01/03 16:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2012/10/17 22:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
[2010/03/26 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre
[2012/10/18 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PriceGong
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
[2012/09/11 17:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sibelius Software
[2012/05/09 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SMA
[2009/12/26 15:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2012/03/12 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2012/10/28 17:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\vlc
[2009/10/24 13:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[2012/10/28 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
< %APPDATA%\*.exe /s >
[2011/05/27 22:32:49 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Administrateur\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
[2011/06/24 17:05:59 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2011/06/24 17:06:00 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\updater.exe
[2011/06/24 17:06:00 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2011/06/24 17:06:00 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2011/06/24 17:06:00 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2011/06/24 17:06:00 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2011/06/24 17:06:00 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2011/06/24 17:06:01 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2011/06/24 17:06:01 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010/05/12 22:16:58 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_184F7DB9A6DFFF85BE5CDB.exe
[2010/05/12 22:16:58 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_26148796F1C61A0D578706.exe
[2010/05/12 22:16:58 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_E58D3B0E468C0F9A305490.exe
[2012/09/10 19:02:42 | 000,492,640 | ---- | M] (Clasys Ltd.) -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy\A79AEA3BCF3D47AB8E2CD066826AE523\setup_759.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004/08/03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CHANGER.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: DISK.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
< MD5 for: EVENTLOG.DLL >
[2004/08/19 15:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/02/13 21:03:25 | 001,411,072 | ---- | M] (Microsoft Corporation) MD5=6B9A6F17970BA9732891B3241B750BA0 -- C:\WINDOWS\explorer.exe
< MD5 for: NDIS.SYS >
[2004/08/03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004/08/19 15:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys
[2005/05/17 10:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvata.sys
[2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\nvata.sys
[2005/05/17 10:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvata.sys
< MD5 for: RASACD.SYS >
[2002/08/30 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
< MD5 for: RDPCLIP.EXE >
[2004/08/19 15:10:04 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=5CEDA4A82F07576B57BD554E20238F1B -- C:\WINDOWS\system32\rdpclip.exe
< MD5 for: RDPWD.SYS >
[2008/02/12 22:08:46 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\system32\drivers\rdpwd.sys
< MD5 for: SCECLI.DLL >
[2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SFLOPPY.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2004/08/03 21:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\system32\drivers\sfloppy.sys
< MD5 for: SPLITTER.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2006/06/14 08:50:20 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\system32\drivers\splitter.sys
< MD5 for: SWMIDI.SYS >
[2001/08/17 21:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\drivers\swmidi.sys
< MD5 for: TCPIP.SYS >
[2008/02/13 21:05:34 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=CE3EC03C9F65302E44AF5C452D20A86F -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: TDPIPE.SYS >
[2004/08/19 15:10:20 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\system32\drivers\tdpipe.sys
< MD5 for: TDTCP.SYS >
[2004/08/19 15:10:20 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\system32\drivers\tdtcp.sys
< MD5 for: USBPRINT.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2004/08/03 22:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\system32\drivers\usbprint.sys
< MD5 for: USBSCAN.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\drivers\usbscan.sys
< MD5 for: USERINIT.EXE >
[2004/08/19 15:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VOLSNAP.SYS >
[2004/08/19 14:59:14 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=313B1A0D5DB26DFE1C34A6C13B2CE0A7 -- C:\WINDOWS\system32\drivers\volsnap.sys
< MD5 for: WINLOGON.EXE >
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/02/13 21:04:39 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=AFE97D09B55D4E93A189C3B8371A2474 -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >