virus Sacem police nationale

[eric colombes]

bonsoir à tous sur le forum,

je viens vous demander conseil sur ce virus.

j'ai un portable sony vaio en windows seven infecté par ce virus. j'ai accès en mode sans echec par l'invit de commande. j'ai téléchargé roguekiller que j'ai lancé sur le pc et la est ma première question : comment reconnaitre le bon du mauvais ?

merci de votre reponse

Eric

[HexCrunch]

bonjour et bienvenue dans PC-I
bon réponds a ces questions stp pour qu'on puisse savoir quoi faire sur ton PC

• quelle version de windows utilises tu ?
• quel et l'état de ta connexion internet?
• qu'as tu fait avant le probléme ?
• quel AV ?
• ta version windows est elle authentique ?
• quand ce problème s'est il manifésté ?
• as tu dèje passé des outils sur ton PC ?
• es tu déja pris en charge ailleurs ?

après avoir répondu a ces questions fais ceci

Graver et Démarrer OTLPE depuis un CD

* Télécharge OTLPEnet :: http://oldtimer.geekstogo.com/OTLPENet.exe sur ton Bureau ou http://www.itxassociates.com/OT-Tools/OTLPENet.exe

* Quand le téléchargement sera fini, Double Clic sur OTLPENet.exe(clic droit executer en tant qu'administrateur sous vista|seven) et assures-toi d'avoir insérer un CDR vierge dans ton graveur CD/DVD. Une fenêtre va s'ouvrir pour te demander si tu souhaites graver Le CD, clique sur le bouton Oui.
* Patiente le temps de la décompression et de la gravure du CD.
* demarrer sur le cdrom crée de Reatogo , voir exemple: booter-sur-dvd-t9447.html














* Ton système doit montrer un bureau REATOGO-X-PE
* En fonction de votre type de connexion Internet, tu dois être en mesure d'accèder au Net, si bien que tu peux accéder à ce sujet plus facilement.
* Double-click sur l'icone OTLPE

» à ceci valider par ok:




» à ceci selectionner sa session:

** si le systeme d'exploitation est Vista ou Seven tu peux avoir ce message : "RunScanner Error - Target is not windows 2000 or later", il faut donc aller et sélectionner jusqu'au dossier c:\windows dans l'arborescence en dessous de local disk (c:)

* verifier que "Automatically Load All Remaining Users" est sélectionné et press OK

» OTLPE se lançe alors




o sous Custom Scan box copie_colle le contenu du cadre ci dessous:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
SAVEMBR:0
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
csrss.exe
smss.exe
svchost.exe
services.exe
spoolsv.exe
alg.exe
ctfmon.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
i8042prt.sys
cdrom.sys
disk.sys
ndis.sys
tcpip.sys
imapi.sys
RDPCDD.sys
mountmgr.sys
aec.sys
rasacd.sys
redbook.sys
intelide.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* clic Run Scan pour demarrer le scan.
* une fois terminé , le fichier se trouve là C:\OTL.txt
* copie_colle le contenu dans ta prochaine reponse

Si ton rapport est trop long, utilise le site http://www.ci-joint.com pour envoyer ton rapport, et mets le lien dans ta prochaine réponse.

[eric colombes]

bonsoir,

merci pour ce début de réponse voici les miennes :
windows seven 64 bits
pas de connexion internet (je suis la sur un autre pc portable)
avant le problème, je consultais mes mails sur ma boite free
version windows authentique
ce problème s'est manisfesté hier soir (mais j'avais déjà eu un problème similaire que j'avais eradiqué avec malwarebytes)
oui j'ai passé malwarebytes qui détecte le virus mais il revient dès que je me reconnecte
non je ne suis pas pris en charge ailleurs

Autre question faut il passer obligatoirement par le gravage de cd ?

[HexCrunch]

salut
si tu ne veux pas graver on peut passer par une clé USB mais graver c'est mieux
amicalement

[eric colombes]

bonsoir,

je viens d'insérer le cd, j'ai re booter dessus mais j'ai un bel ecran tout bleu avec les informations suivantes ;

A problem has been detected and windows has benn shut down ta prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps : Check for viruses on your computer. remove any newly installed hard drives or hard drive controllers. chek your hard drive to make sure it is properly configured and terminated. Run chkdsk/f to check for hard drive corruption and then restart your computer.

technical information :
***stop: 0x00000007b (0xf78da528, 0xc0000034, 0x00000000, 0x00000000)

[HexCrunch]

salut
peux tu demarrer en mode sans echec ?
amicalement

[eric colombes]

oui sans problème

[jeanmimigab]

Salut Éric,

Démarre ton PC en mode Normal pour faire la procédure suivante, si par hasard cela ne va pas, fais cette procédure en mode sans échec

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL

@++

[floflo]

Bonjour jeanmimigab,

j'en suis à la dernière étape. qu'entends tu par copie colle dans ta reponse?

j'ai bien eu le fichier otl.txt mais je ne sais pas quoi en faire?

merci

[floflo]

OTL logfile created on: 5/22/2012 1:31:26 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 220.37 Gb Total Space | 200.42 Gb Free Space | 90.95% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.43 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/05/22 03:40:27 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/05/22 03:40:10 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/18 11:56:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 21:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/12 08:16:45 | 000,918,880 | ---- | M] () [Auto] -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/31 10:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/10/09 11:02:32 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/02/07 23:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/11 13:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/02/12 09:53:24 | 000,132,464 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/05/22 03:40:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/05/27 13:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 18:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 10:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 08:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 02:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 01:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 01:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/11 13:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 13:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/01/07 00:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/03/12 05:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/03/10 10:31:52 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/03/05 05:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/03/03 09:43:58 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/03/03 09:42:56 | 000,036,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/02/19 10:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/10/06 11:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/03/25 07:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/02/25 16:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/14 21:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 01:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 16:40:44 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 10:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/01 14:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2006/01/10 06:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 00:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 00:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 00:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 00:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 00:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 00:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 00:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 07:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 07:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 09:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 09:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 09:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/23 06:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr ... channel=fr
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKU\.DEFAULT\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/defau ... l=fr&s=gen
IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr ... channel=fr
IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/defau ... l=fr&s=gen
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr ... channel=fr
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/ig/dell?hl=fr&client=dell ... bd=3070703
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\rignault_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\rignault_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\rignault_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\rignault_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\rignault_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
IE - HKU\rignault_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\rignault_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\rignault_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\rignault_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rignault_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\rignault\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\rignault\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/30 17:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 04:47:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 08:16:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/18 09:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/30 17:40:25 | 000,000,000 | ---D | M]

[2012/05/18 09:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rignault\Application Data\Mozilla\Extensions
[2012/05/21 04:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rignault\Application Data\Mozilla\Firefox\Profiles\59mava1x.default\extensions
[2012/05/18 09:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/04/20 21:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:45:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/04/20 21:45:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:45:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/04/20 21:45:57 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/20 21:45:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/04/20 21:45:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 07:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\rignault_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\rignault_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\rignault_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [frkUeoymDhvXXox] C:\Documents and Settings\rignault\Application Data\VboxServs.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe (HP)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\Administrateur_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Administrateur_ON_C..\Run: [frkUeoymDhvXXox] C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe ()
O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\rignault_ON_C..\Run: [frkUeoymDhvXXox] C:\Documents and Settings\rignault\Application Data\VboxServs.exe ()
O4 - HKU\rignault_ON_C..\Run: [WinUsr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SanDisk Media Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\rignault\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk = C:\Documents and Settings\rignault\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrateur_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LogMeInRemoteUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\rignault_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\rignault_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\rignault_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\rignault_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\rignault_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\rignault\Application Data\VboxServs.exe) - C:\Documents and Settings\rignault\Application Data\VboxServs.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\rignault\Application Data\VboxServs.exe) - C:\Documents and Settings\rignault\Application Data\VboxServs.exe ()
O20 - HKU\Administrateur_ON_C Winlogon: Shell - (C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe) - C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe ()
O20 - HKU\Administrateur_ON_C Winlogon: UserInit - (C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe) - C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe ()
O20 - HKU\rignault_ON_C Winlogon: Shell - (C:\Documents and Settings\rignault\Application Data\VboxServs.exe) - C:\Documents and Settings\rignault\Application Data\VboxServs.exe ()
O20 - HKU\rignault_ON_C Winlogon: UserInit - (C:\Documents and Settings\rignault\Application Data\VboxServs.exe) - C:\Documents and Settings\rignault\Application Data\VboxServs.exe ()
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 08:18:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{81ad4a52-97a4-11dd-8ae8-001aa0303468}\Shell - "" = AutoRun
O33 - MountPoints2\{81ad4a52-97a4-11dd-8ae8-001aa0303468}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
O33 - MountPoints2\{81e096ae-0be2-11de-8bef-001aa0303468}\Shell\AutoRun\command - "" = F:\3dcs9.exe
O33 - MountPoints2\{81e096ae-0be2-11de-8bef-001aa0303468}\Shell\open\Command - "" = F:\3dcs9.exe
O33 - MountPoints2\{86845bb4-b96f-11dd-8b34-001aa0303468}\Shell - "" = AutoRun
O33 - MountPoints2\{86845bb4-b96f-11dd-8b34-001aa0303468}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CkYCdTds-fVN2-zddJ-SwDr-cO299emYN2hG} -
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 04:32:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\IETldCache
[2012/05/22 03:55:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favoris
[2012/05/22 03:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/18 11:52:03 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/18 09:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rignault\Local Settings\Application Data\Mozilla
[2012/05/18 09:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/18 09:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/18 09:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/16 10:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rignault\Bureau\Argumentaire tél
[2012/05/11 07:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rignault\Bureau\annonces écoles
[2012/05/02 09:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rignault\Bureau\prospects com
[2012/05/02 08:23:22 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l101.dll
[2012/05/02 08:22:44 | 000,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_p03b.dll
[2012/05/02 08:22:44 | 000,885,760 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_p03b.dll
[2012/05/02 08:22:44 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_p03a.dll
[2012/05/02 08:22:41 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/05/02 08:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/05/02 06:11:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rignault\Mes documents\Dropbox
[2012/05/02 05:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/05/02 05:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rignault\Menu Démarrer\Programmes\Dropbox
[2012/05/02 05:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rignault\Application Data\Dropbox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/22 05:34:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{00C57178-8F63-45E2-8C31-B6BE65D4BBDD}.job
[2012/05/22 05:33:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/22 05:33:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/22 05:32:58 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 04:36:00 | 000,515,442 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/05/22 04:36:00 | 000,446,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/22 04:36:00 | 000,086,856 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/05/22 04:36:00 | 000,073,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/22 04:16:01 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3847135614-1881978014-3457904666-1005UA.job
[2012/05/22 04:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/22 03:56:59 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/22 03:49:32 | 000,231,936 | -HS- | M] () -- C:\Documents and Settings\rignault\Application Data\VboxServs.exe
[2012/05/22 03:49:32 | 000,231,936 | -HS- | M] () -- C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe
[2012/05/22 03:40:51 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\LogMeIn.lnk
[2012/05/22 03:40:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/05/22 03:40:10 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/05/22 03:40:10 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/05/22 03:39:22 | 098,799,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/22 03:33:57 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\Microsoft Office Outlook 2003.lnk
[2012/05/21 10:30:22 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\Microsoft Office PowerPoint 2003.lnk
[2012/05/21 10:26:39 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\edenyles.bmp
[2012/05/21 09:37:30 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\rignault\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2012/05/18 11:56:50 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/18 11:56:50 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/18 11:02:49 | 000,211,302 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/18 09:55:39 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\rignault\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/18 09:55:39 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2012/05/18 09:55:39 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2012/05/18 04:18:30 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\Google Chrome.lnk
[2012/05/18 04:18:30 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\rignault\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/16 08:46:29 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\Microsoft Office Word 2003.lnk
[2012/05/14 04:18:27 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/13 14:07:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/10 09:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/10 03:52:43 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\rignault\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk
[2012/05/10 03:52:35 | 000,001,027 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\Dropbox.lnk
[2012/05/09 07:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office
[2012/05/04 05:42:49 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\rignault\Bureau\Contrôle du volume (2).lnk
[2012/05/04 04:28:25 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\rignault\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/05/02 08:27:14 | 000,225,049 | ---- | M] () -- C:\WINDOWS\hpoins41.dat
[2012/05/02 08:24:24 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
[2012/05/02 08:20:19 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Achat de fournitures HP.lnk
[2012/05/02 08:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP
[2012/05/02 08:16:40 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
[2012/05/02 08:14:57 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Galerie de photos Windows Live.lnk
[2012/04/30 03:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Panasonic
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/22 05:27:38 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/22 04:32:06 | 000,231,936 | -HS- | C] () -- C:\Documents and Settings\Administrateur\Application Data\VboxServs.exe
[2012/05/22 03:49:47 | 000,231,936 | -HS- | C] () -- C:\Documents and Settings\rignault\Application Data\VboxServs.exe
[2012/05/21 10:03:21 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\rignault\Bureau\edenyles.bmp
[2012/05/18 11:52:03 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/18 09:55:39 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\rignault\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/18 09:55:39 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2012/05/18 09:55:39 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2012/05/02 08:20:19 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Achat de fournitures HP.lnk
[2012/05/02 08:16:40 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
[2012/05/02 08:14:57 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Galerie de photos Windows Live.lnk
[2012/05/02 08:10:54 | 000,225,049 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2012/05/02 08:10:54 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2012/05/02 06:11:24 | 000,001,027 | ---- | C] () -- C:\Documents and Settings\rignault\Bureau\Dropbox.lnk
[2012/05/02 05:26:59 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\rignault\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk
[2012/04/03 14:40:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/15 08:24:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/05 09:41:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\fusioncache.dat
[2011/07/30 06:28:02 | 000,281,702 | ---- | C] () -- C:\Documents and Settings\rignault\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/14 14:03:36 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/01/14 14:03:36 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/01/14 14:03:36 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/01/14 14:03:36 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/01/14 14:03:36 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/01/14 14:03:36 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/01/14 14:03:36 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/01/14 14:03:36 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/01/14 14:03:36 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/01/14 14:03:36 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/01/14 14:03:36 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/01/14 14:03:36 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/01/14 14:03:36 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/01/14 14:03:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/01/14 14:03:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/01/14 14:03:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/01/14 14:03:36 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/01/14 14:03:36 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/01/14 14:03:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/02 08:15:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 15:29:34 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/01/30 17:40:01 | 000,023,800 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/08 06:15:07 | 000,078,312 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/07/29 14:02:48 | 000,178,721 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2009/07/29 14:02:47 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2009/07/28 05:16:14 | 000,119,515 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2008/10/12 10:05:27 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\rignault\intlname.ols
[2008/10/11 10:26:57 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/11 09:52:44 | 027,582,248 | ---- | C] () -- C:\Program Files\Avast.exe
[2008/10/11 09:39:40 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\rignault\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/07 12:35:15 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\rignault\Local Settings\Application Data\fusioncache.dat
[2008/02/04 12:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/02 12:37:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/02 12:33:33 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2007/07/02 12:31:11 | 000,003,556 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/02 12:09:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/07/02 12:09:22 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/07/02 12:09:22 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/07/02 12:09:21 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/07/02 12:09:21 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/07/02 12:09:21 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/07/02 12:09:21 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/07/02 12:09:21 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/07/02 12:09:21 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/02 12:09:20 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/07/02 12:09:20 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/07/02 12:09:19 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/07/02 12:09:09 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/02 12:08:12 | 000,001,450 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/09 20:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 08:27:50 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 08:26:07 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2004/08/19 08:22:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 08:15:31 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 08:14:48 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 08:10:38 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 08:09:56 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 08:03:59 | 000,515,442 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/19 08:03:59 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/19 08:03:59 | 000,086,856 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/19 08:03:59 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/19 08:03:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 08:03:43 | 000,446,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 08:03:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 08:03:43 | 000,073,126 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 08:03:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 08:03:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 08:03:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 08:03:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 08:03:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 08:03:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 08:03:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 08:03:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/01 04:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2012/03/04 13:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rignault\Application Data\AVG Secure Search
[2010/12/04 14:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rignault\Application Data\AVG10
[2012/05/22 03:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rignault\Application Data\Dropbox
[2009/02/16 06:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rignault\Application Data\Leadertech
[2010/09/19 15:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rignault\Application Data\Toshiba
[2011/07/25 17:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/03/12 08:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/02/05 11:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/04 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/04 14:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/04 14:07:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/22 03:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/11/06 07:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/30 11:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/08/29 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SanDisk
[2007/07/02 12:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/19 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2011/06/11 14:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/22 04:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/05/22 05:34:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{00C57178-8F63-45E2-8C31-B6BE65D4BBDD}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AEC.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:aec.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
[2004/08/03 17:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\i386\aec.sys
[2004/08/03 17:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys

< MD5 for: AGP440.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ALG.EXE >
[2004/08/05 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=2FE681D10C5FC343DBBC0610B8DD4D24 -- C:\i386\alg.exe
[2004/08/05 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=2FE681D10C5FC343DBBC0610B8DD4D24 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe
[2008/04/13 22:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe
[2008/04/13 22:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe

< MD5 for: ATAPI.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2010/06/10 20:40:58 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004/08/05 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys
[2004/08/05 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CSRSS.EXE >
[2004/08/05 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=78C1F1278CF2C9B476504C572CB98E5E -- C:\i386\csrss.exe
[2004/08/05 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=78C1F1278CF2C9B476504C572CB98E5E -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008/04/13 22:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 22:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\system32\csrss.exe

< MD5 for: CTFMON.EXE >
[2004/08/05 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\i386\ctfmon.exe
[2004/08/05 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/13 22:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/13 22:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: DISK.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/05 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/05 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll
[2004/08/05 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/05 07:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: I8042PRT.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:i8042prt.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/13 22:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/13 22:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2004/08/05 07:00:00 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\i386\i8042prt.sys
[2004/08/05 07:00:00 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

< MD5 for: IMAPI.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:imapi.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:imapi.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:imapi.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:imapi.sys
[2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\ServicePackFiles\i386\imapi.sys
[2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys
[2004/08/05 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- C:\i386\imapi.sys
[2004/08/05 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- C:\WINDOWS\$NtServicePackUninstall$\imapi.sys

< MD5 for: INTELIDE.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:intelide.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:intelide.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:intelide.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:intelide.sys
[2004/08/03 19:43:40 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=1367812F8A974E0C13A4888FA5E7EDE6 -- C:\i386\intelide.sys
[2004/08/03 19:43:40 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=1367812F8A974E0C13A4888FA5E7EDE6 -- C:\WINDOWS\$NtServicePackUninstall$\intelide.sys
[2008/04/13 22:03:25 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=4B6DA2F0A4095857A9E3F3697399D575 -- C:\WINDOWS\ServicePackFiles\i386\intelide.sys
[2008/04/13 22:03:25 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=4B6DA2F0A4095857A9E3F3697399D575 -- C:\WINDOWS\system32\drivers\intelide.sys

< MD5 for: MOUNTMGR.SYS >
[2004/08/05 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\i386\mountmgr.sys
[2004/08/05 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys

< MD5 for: MRXSMB.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:mrxsmb.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys
[2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
[2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2005/01/19 00:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\i386\mrxsmb.sys
[2005/01/19 00:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 07:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 07:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2005/01/18 15:51:58 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\i386\SP2\Windows\System32\Drivers\mrxsmb.sys
[2005/01/18 23:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2005/01/18 15:51:40 | 000,440,064 | ---- | M] (Microsoft Corporation) MD5=7F09B37065B61DDBC6116F612E6183D1 -- C:\i386\SP1\Windows\System32\Drivers\mrxsmb.sys
[2011/04/29 12:47:42 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=8DD801E28EB76FDA2A38907882A0036F -- C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
[2004/10/27 21:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2011/07/15 09:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
[2011/02/17 09:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/05 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll
[2004/08/05 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2007/02/25 16:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\drivers\storage\R149470\nvata.sys
[2007/02/25 16:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\i386\nvata.sys
[2007/02/25 16:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: RASACD.SYS >
[2004/08/05 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\i386\rasacd.sys
[2004/08/05 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

< MD5 for: RDPCDD.SYS >
[2004/08/05 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\i386\rdpcdd.sys
[2004/08/05 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\drivers\rdpcdd.sys

< MD5 for: REDBOOK.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:redbook.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2004/08/03 19:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\i386\redbook.sys
[2004/08/03 19:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
[2008/04/13 21:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/13 21:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys

< MD5 for: SCECLI.DLL >
[2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll
[2004/08/05 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SERVICES.EXE >
[2008/04/13 22:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 22:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/09 07:16:53 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=62789101F9C2401ED598AA2CDE7450C0 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2004/08/05 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=732E0B1ABAACE15D80EC19056B0A2AF9 -- C:\i386\services.exe
[2004/08/05 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=732E0B1ABAACE15D80EC19056B0A2AF9 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/09 07:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 07:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\services.exe

< MD5 for: SMSS.EXE >
[2008/04/13 22:34:22 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=48E430297DA757F5CC2793CCFACAD5E7 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/13 22:34:22 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=48E430297DA757F5CC2793CCFACAD5E7 -- C:\WINDOWS\system32\smss.exe
[2004/08/05 07:00:00 | 000,512,512 | ---- | M] (Microsoft Corporation) MD5=4AB4DB9D2CB393E2095330D668FFD5A9 -- C:\i386\SYSTEM32\SMSS.EXE
[2004/08/05 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=B4C08D31E8C2EA9D76F892052A6FCAEB -- C:\i386\smss.exe
[2004/08/05 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=B4C08D31E8C2EA9D76F892052A6FCAEB -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2008/04/13 22:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 22:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 20:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\i386\spoolsv.exe
[2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2004/08/05 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\i386\svchost.exe
[2004/08/05 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 22:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 22:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\i386\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 06:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/05 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: TERMDD.SYS >
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:termdd.sys
[2004/08/05 07:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:termdd.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
[2008/10/11 09:32:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys
[2008/04/13 22:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys
[2008/04/13 22:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/03 19:55:12 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\i386\termdd.sys
[2004/08/03 19:55:12 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys

< MD5 for: USERINIT.EXE >
[2004/08/05 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\i386\userinit.exe
[2004/08/05 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WIN32K.SYS >
[2008/04/13 21:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB954211$\win32k.sys
[2008/04/13 21:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010/05/02 04:02:25 | 001,860,480 | ---- | M] (Microsoft Corporation) MD5=117089D35359DD8FE8054DA17AC6EE19 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2012/04/11 09:51:40 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=17E46C7EE44E6BFA0CF398204282BF0C -- C:\WINDOWS\SoftwareDistribution\Download\d4a328329cb8bb124f79da738c6ca2f7\sp3gdr\win32k.sys
[2012/04/11 09:51:40 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=17E46C7EE44E6BFA0CF398204282BF0C -- C:\WINDOWS\system32\dllcache\win32k.sys
[2012/04/11 09:51:40 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=17E46C7EE44E6BFA0CF398204282BF0C -- C:\WINDOWS\system32\win32k.sys
[2010/10/26 09:59:49 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=19209B83DC73BCA78558C2F220DB65E2 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2012/04/11 09:50:47 | 001,871,488 | ---- | M] (Microsoft Corporation) MD5=1A21AF886EC31258E012921D5E5E2398 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\win32k.sys
[2012/04/11 09:50:47 | 001,871,488 | ---- | M] (Microsoft Corporation) MD5=1A21AF886EC31258E012921D5E5E2398 -- C:\WINDOWS\SoftwareDistribution\Download\d4a328329cb8bb124f79da738c6ca2f7\sp3qfe\win32k.sys
[2007/03/08 11:45:59 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=24B0EF79632899E1831BD052F53A8A24 -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
[2011/06/06 07:36:19 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=31C9FCD53634B437F36B0417DA48066A -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2010/12/31 10:04:24 | 001,855,104 | ---- | M] (Microsoft Corporation) MD5=3AB58BCEC87615E452991E8E257ADFA9 -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011/03/03 09:53:37 | 001,858,048 | ---- | M] (Microsoft Corporation) MD5=3BEDF6024160399E2AF010BB2E7F4F59 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2009/08/14 11:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2011/09/06 10:08:29 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=501628FE99EE77D59BFD29B6DC6803DA -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2011/06/06 07:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=667C2CED1208788BD0FE1F6E8CFE1CD0 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2011/11/23 10:39:14 | 001,868,672 | ---- | M] (Microsoft Corporation) MD5=6B88EAB930D6D14019A627C1A9DFC4DD -- C:\WINDOWS\$hf_mig$\KB2639417\SP3QFE\win32k.sys
[2009/02/09 10:05:54 | 001,846,912 | ---- | M] (Microsoft Corporation) MD5=6D791CDCE0B1551D95A81D69E7352EF5 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
[2010/09/01 03:54:08 | 001,862,016 | ---- | M] (Microsoft Corporation) MD5=81C11BC7F3FAE0CC76941A8AB9B2ED1A -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2009/08/14 11:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2008/09/15 11:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\WINDOWS\$NtUninstallKB958690$\win32k.sys
[2009/02/09 09:59:50 | 001,847,680 | ---- | M] (Microsoft Corporation) MD5=A06AF7F6B26F2BDEFB0961D4641D6453 -- C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys
[2012/01/12 13:21:12 | 001,869,184 | ---- | M] (Microsoft Corporation) MD5=A274CBA14BE87AE4D6FF0DA6DEAA7618 -- C:\WINDOWS\$hf_mig$\KB2660465\SP3QFE\win32k.sys
[2009/04/19 15:42:34 | 001,847,936 | ---- | M] (Microsoft Corporation) MD5=A4CB910DA61C2AB50D1D4E15CDA48D32 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
[2010/10/26 10:07:17 | 001,853,440 | ---- | M] (Microsoft Corporation) MD5=A872D428716E5C454D97F16785656351 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2007/03/08 11:33:58 | 001,843,712 | ---- | M] (Microsoft Corporation) MD5=A8B9B1911F1D52DB8D24C4AC37CEC0E3 -- C:\i386\win32k.sys
[2007/03/08 11:33:58 | 001,843,712 | ---- | M] (Microsoft Corporation) MD5=A8B9B1911F1D52DB8D24C4AC37CEC0E3 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2008/09/15 11:20:39 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=AC230363E6F0021E3F8336990F348A87 -- C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys
[2010/09/01 03:55:16 | 001,852,928 | ---- | M] (Microsoft Corporation) MD5=C71A8AFDCD34601F7FDE2DA3792CEAE9 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2012/01/12 13:20:33 | 001,860,096 | ---- | M] (Microsoft Corporation) MD5=C72AD6E77768B3DF200FF414CF306AD0 -- C:\WINDOWS\$NtUninstallKB2641653$\win32k.sys
[2010/06/24 05:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2012/02/03 05:56:28 | 001,869,312 | ---- | M] (Microsoft Corporation) MD5=CF530A5F9D22E93230A15F4C2E5AF228 -- C:\WINDOWS\$hf_mig$\KB2641653\SP3QFE\win32k.sys
[2011/11/23 10:40:17 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=D331A16F0A6AA63A738BB24F0E2D13EF -- C:\WINDOWS\$NtUninstallKB2660465$\win32k.sys
[2010/05/02 04:08:14 | 001,851,392 | ---- | M] (Microsoft Corporation) MD5=D6491CA433261FCBDC99D27064E5F180 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2009/04/19 15:50:30 | 001,847,296 | ---- | M] (Microsoft Corporation) MD5=E2D4E6609DCF4175FCC8BCA489F28D9C -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2011/03/03 09:52:12 | 001,867,008 | ---- | M] (Microsoft Corporation) MD5=E832E04ADDD745DC462ED800E8416B9C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2012/02/03 05:58:01 | 001,860,224 | ---- | M] (Microsoft Corporation) MD5=E94CA8AA938E7BB5D2D8BBCEBC95124B -- C:\WINDOWS\$NtUninstallKB2676562$\win32k.sys
[2010/06/24 17:29:54 | 001,861,248 | ---- | M] (Microsoft Corporation) MD5=F1AEB1184052F4598390CE4CD638CA14 -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2010/12/31 10:02:58 | 001,864,192 | ---- | M] (Microsoft Corporation) MD5=FA7694CA8CE7E7660676C646A15A3CEE -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2011/09/06 10:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=FD0E6DD2893EB98845EA3C84A774A926 -- C:\WINDOWS\$NtUninstallKB2639417$\win32k.sys

< MD5 for: WINLOGON.EXE >
[2004/08/05 07:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\i386\winlogon.exe
[2004/08/05 07:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:55:26 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/03/02 00:00:24 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/03/01 07:00:22 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:12 | 008,518,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/19 08:09:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/19 08:09:26 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/19 08:09:26 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< CREATERESTOREPOINT >


========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\rignault\Bureau\Propal alarmaniaV1.2-1.doc:com.dropbox.attributes
< End of report >