rootkit sur mon pc detecté mais pas viré

wormsseur · le 25 janvier 2011

Bonsoir

Depuis quelques jours avast me trouve un Rootkit à l'adresse suivante:

c:/windows/system32/drivers/sptd.sys

J'y ai droit a chaque demarrage. j'ai tenté de le mettre en quarantaine, de le suprimer, et il relance le scan hors windows ca revient sans cesse.

J'ai tenter une anayse direct sur el fichier en question avec avast et malwarebyte mis a jour bien sur.

Et la surprise plus rien...sauf qu'a chaque redemarage ca recommence!

certaint page interne devienent depuis inaccessible (un lien?) et ce sur mozilla, explorer et google chrome a la fois! pourtant le site fonctionne a merveille sur d'autre pc.

ca me rend dingue j'avoue.

Je suis donc coincé, Ccleaner a nettoyer, trier le registre et virer l'espace vide sans plus de résultats.

Avez vous besoin d'un rapport hijthjakthis pour mieux voir peut etre?

J'avoue etre perdu, la seule option pour le moment sans votre aide est le formatage et ca serait vraiment bete car le reste fonctionne, du moins pour le moment car ma ligne adsl saute souvent et je dois rebooter le pc ( bien que mon modem devienne vieux et je me demande si c'est pas lui mais c'est bizare comme coincidence ^^))

merci d'avance de votre aide

jeanmimigab · le 25 janvier 2011

hello,

est-ce que tu as Daemontool ou un autre émulateur de ce genre sur ton PC ?

wormsseur · le 26 janvier 2011

oui en effet j'ai daeon tool ! pourquoi? ca viendrait de lui?

jeanmimigab · le 26 janvier 2011

hello,

sptd.sys est un driver de Daemontool qui génère parfois des faux positifs, fais analyser le fichier "C:\windows\system32\drivers\sptd.sys" sur >> Virus total << et poste le résultat, on en saura plus ...

Si l'upload ne fonctionne pas fais cela...

Utilise Defogger pour désactiver temporairement tous les logiciels d'émulations

Télécharge Defogger sur ton bureau

Fais un double-clic dessus pour le lancer.

Une fenêtre s'ouvre, clique sur "Disable".

Fais redémarrer ton PC si Defogger te le demande.

ensuite ré-essaye l'upload du fichier SPDT.sys

@++

wormsseur · le 26 janvier 2011

alors j'ai du lancer le defogger en effet (bien pratique ce truc ^^)

voici le resultat de l'analyse apres restart du pc imposé:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: a199171385be17973fd800fa91f8f78a

Date first seen: 2010-09-09 21:42:37 (UTC)

Date last seen: 2011-01-26 15:45:22 (UTC)

Detection ratio: 0/43

j'ai donc demander de reanalyser:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

sptd.sys

Submission date:

2011-01-26 20:08:44 (UTC)

Current status:

queued queued analysing finished

Result:

0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.2.0 2011.01.26 -

Antiy-AVL 2.0.3.7 2011.01.26 -

Avast 4.8.1351.0 2011.01.26 -

Avast5 5.0.677.0 2011.01.26 -

AVG 10.0.0.1190 2011.01.26 -

BitDefender 7.2 2011.01.26 -

CAT-QuickHeal 11.00 2011.01.25 -

ClamAV 0.96.4.0 2011.01.26 -

Commtouch 5.2.11.5 2011.01.26 -

Comodo 7511 2011.01.26 -

DrWeb 5.0.2.03300 2011.01.26 -

Emsisoft 5.1.0.1 2011.01.26 -

eSafe 7.0.17.0 2011.01.24 -

eTrust-Vet 36.1.8121 2011.01.26 -

F-Prot 4.6.2.117 2011.01.26 -

F-Secure 9.0.16160.0 2011.01.26 -

Fortinet 4.2.254.0 2011.01.26 -

GData 21 2011.01.26 -

Ikarus T3.1.1.97.0 2011.01.26 -

Jiangmin 13.0.900 2011.01.26 -

K7AntiVirus 9.78.3650 2011.01.26 -

Kaspersky 7.0.0.125 2011.01.26 -

McAfee 5.400.0.1158 2011.01.26 -

McAfee-GW-Edition 2010.1C 2011.01.26 -

Microsoft 1.6502 2011.01.26 -

NOD32 5822 2011.01.26 -

Norman 6.06.12 2011.01.26 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.3.5 2011.01.26 -

PCTools 7.0.3.5 2011.01.26 -

Prevx 3.0 2011.01.26 -

Rising 23.42.02.03 2011.01.26 -

Sophos 4.61.0 2011.01.26 -

SUPERAntiSpyware 4.40.0.1006 2011.01.26 -

Symantec 20101.3.0.103 2011.01.26 -

TheHacker 6.7.0.1.120 2011.01.26 -

TrendMicro 9.120.0.1004 2011.01.26 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.26 -

VBA32 3.12.14.3 2011.01.26 -

VIPRE 8206 2011.01.26 -

ViRobot 2011.1.26.4276 2011.01.26 -

VirusBuster 13.6.166.0 2011.01.26 -

Additional information

Show all

MD5 : a199171385be17973fd800fa91f8f78a

SHA1 : 37034695bbefec4557969ec649dc61e7a4b8de8f

SHA256: 815091dc5a3506a3c8414b9d0213a61df8289ba8645289cc9d338820536b42ea

ssdeep: 12288:oi329nSFuaezqm4wqOK0cO+sCjRXU46vn:H3292BmLqcCjWVP

File size : 436792 bytes

First seen: 2010-09-09 21:42:37

Last seen : 2011-01-26 20:08:44

TrID:

Win32 Executable Generic (58.4%)

Clipper DOS Executable (13.8%)

Generic Win/DOS Executable (13.7%)

DOS Executable Generic (13.7%)

VXD Driver (0.2%)

sigcheck:

publisher....: Duplex Secure Ltd.

product......: SCSI Pass Through Direct

description..: SCSI Pass Through Direct Host

original name: sptd.sys

internal name: SPTD.SYS

file version.: 1.74.0.0 built by: WinDDK

comments.....: n/a

signers......: Duplex Secure Ltd

VeriSign Class 3 Code Signing 2009-2 CA

Class 3 Public Primary Certification Authority

signing date.: 7:11 AM 8/24/2010

verified.....: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0xF8D38

timedatestamp....: 0x4C736279 (Tue Aug 24 06:11:05 2010)

machinetype......: 0x14c (I386)

[[ 9 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x3AAA0, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

.data, 0x3C000, 0x2230C, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

PAGE, 0x5F000, 0x296C0, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

INIT, 0x89000, 0x5500, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

.rsrc, 0x8F000, 0x388, 0x400, 2.98, 93f401d59543512bbdd38778bb4e25cb

.sptd0, 0x90000, 0x40CE, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

.sptd1, 0x95000, 0x136CC, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

.sptd2, 0xA9000, 0x6827B, 0x68400, 7.92, ca07a906752dc9f222e1be8212d9e3fc

.reloc, 0x112000, 0x108, 0x200, 3.29, b3d40b202d3d48cbcd431bfe285d99b4

[[ 5 import(s) ]]

ntoskrnl.exe: RtlFreeUnicodeString, RtlStringFromGUID, RtlQueryRegistryValues, RtlCompareMemory, IoWMIRegistrationControl, IofCallDriver, IofCompleteRequest, ObfDereferenceObject, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, ExInitializePagedLookasideList, ExInitializeNPagedLookasideList, ExDeletePagedLookasideList, ExDeleteNPagedLookasideList, MmUnmapIoSpace, MmMapIoSpace, RtlInitAnsiString, sprintf, RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, ExDeleteResourceLite, KeInitializeEvent, ExInitializeResourceLite, KeSetEvent, ObReferenceObjectByHandle, ZwOpenDirectoryObject, KeClearEvent, IoCreateDevice, ObfReferenceObject, _allmul, _aulldiv, swprintf, KeQuerySystemTime, KeWaitForSingleObject, KeResetEvent, _wcsnicmp, RtlWriteRegistryValue, PsGetCurrentProcessId, IoGetCurrentProcess, _allshr, _except_handler3, ExAcquireResourceExclusiveLite, ExGetPreviousMode, RtlEqualUnicodeString, ProbeForRead, MmUserProbeAddress, RtlUpcaseUnicodeString, memmove, ExAllocatePoolWithTagPriority, _aullrem, _alldiv, IoDeleteDevice, wcsstr, RtlInitUnicodeString, RtlDeleteRegistryValue, _wcsicmp, _allrem, IoReuseIrp, ExFreeToPagedLookasideList, ExAllocateFromPagedLookasideList, IoBuildDeviceIoControlRequest, IoSetThreadHardErrorMode, ExfInterlockedInsertTailList, IoBuildPartialMdl, IoAllocateMdl, KeDelayExecutionThread, IoDriverObjectType, IoRegisterShutdownNotification, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, KeWaitForMultipleObjects, MmHighestUserAddress, IoFileObjectType, IoFreeIrp, IoAllocateIrp, MmIsAddressValid, MmProbeAndLockPages, IoFreeMdl, MmUnlockPages, MmSizeOfMdl, PsGetVersion, ProbeForWrite, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, strncpy, IoGetDeviceObjectPointer, IoInitializeIrp, ExfInterlockedRemoveHeadList, ExQueueWorkItem, KeReleaseSemaphore, KeInitializeSemaphore, MmGetPhysicalAddress, IoGetDeviceProperty, MmGetSystemRoutineAddress, ExAllocatePoolWithTag, IoWMIWriteEvent, ExFreePoolWithTag, KeEnterCriticalRegion, ExAcquireResourceSharedLite, ExReleaseResourceLite, KeLeaveCriticalRegion, KeGetCurrentThread, memcpy, MmMapLockedPagesSpecifyCache, IoBuildSynchronousFsdRequest, memset

HAL.dll: KeStallExecutionProcessor, KfReleaseSpinLock, KfAcquireSpinLock, KfLowerIrql, KeRaiseIrqlToDpcLevel, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql

SCSIPORT.SYS: ScsiPortInitialize

ntoskrnl.exe: IoAllocateMdl, MmProbeAndLockPages, MmMapLockedPagesSpecifyCache, MmUnlockPages, IoFreeMdl, ExAllocatePool, ExFreePool, NtQuerySystemInformation

HAL.dll: HalMakeBeep

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

visiblement c'est clean.

il suffit de virer daemon tool ou d'ignorer le fichier tout betement alors?

Bien que ca ne m'explique pas pk j'ai des pages web qui coince et mes sessions msn qui reste pas loguer a chaque restart. un autre soucis ca peut etre alors. beuh j'attends ta reponse avant d'anticiper de trop (deja raté je crois mdr)

jeanmimigab · le 26 janvier 2011

re,

on va quand même jeter un œil à ton pc, ça ne coute rien,

fais cela stp..

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

%SYSTEMDRIVE%\spdt.* /s

NetSvcs

%systemroot%\system32\drivers\*.sys /lockedfiles

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

spdt.sys

spdt.sys.vir

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

tcpip.sys

Sfloppy.sys

Changer.sys

cdrom.sys

disk.sys

ndis.sys

usbscan.sys

usbprint.sys

tdtcp.sys

tdpipe.sys

swmidi.sys

splitter.sys

rdpwd.sys

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

RASACD.SYS

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).

* Copie et colle les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL

@++

wormsseur · le 26 janvier 2011

oki je fais ca demain et je te dis quoi. merci de ton aide.

sur ce bonne nuit et a demain soir ^^

wormsseur · le 28 janvier 2011

Voici donc les deux rapports comme promis. Ca donne quoi en francais? lol

1er rapport:

OTL logfile created on: 28/01/2011 21:02:50 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Propriétaire\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186,30 Gb Total Space | 75,23 Gb Free Space | 40,38% Space Free | Partition Type: NTFS

Computer Name: ARNOOO-8B4C1CC6 | User Name: Propriétaire | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Propriétaire\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\lxdpcoms.exe ( )

PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)

PRC - C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ANYCOM\Blue USB-200-250\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

PRC - C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe ()

PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

PRC - C:\WINDOWS\system32\NotifyPhoneBook.exe ()

PRC - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Propriétaire\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\SuperCopier2\SC2Hook.dll (SFX TEAM)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (lxdp_device) -- C:\WINDOWS\System32\lxdpcoms.exe ( )

SRV - (lxdpCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe ()

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (btwdins) -- C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe (Broadcom Corporation.)

SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)

SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (AtmLane) -- C:\WINDOWS\system32\drivers\atmlane.sys (Microsoft Corporation)

DRV - (AtmElan) -- C:\WINDOWS\system32\drivers\atmlane.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()

DRV - (Atmuni) -- C:\WINDOWS\system32\drivers\atmuni.sys (Microsoft Corporation)

DRV - (Rawwan) -- C:\WINDOWS\system32\drivers\rawwan.sys (Microsoft Corporation)

DRV - (P1131VID) Creative WebCam NX Pro (WDM) -- C:\WINDOWS\system32\drivers\P1131Vid.sys (Creative Technology Ltd.)

DRV - (AmeAtmPc) -- C:\WINDOWS\system32\drivers\ameatmpc.sys (Alcatel Microelectronics)

DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: "Web Search"

FF - prefs.js..browser.search.selectedEngine: "WikipÃ©dia (fr)"

FF - prefs.js..browser.startup.homepage: "http://www.google.be/"'>http://www.google.be/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=fr&q="'>http://www.google.com/search?sourceid=navclient&hl=fr&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 15:36:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 15:30:25 | 000,000,000 | ---D | M]

[2010/07/21 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Extensions

[2010/07/21 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/01/28 14:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m3hk9gci.default\extensions

[2010/04/27 18:21:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m3hk9gci.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/03 20:42:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m3hk9gci.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/12/10 20:52:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m3hk9gci.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/09/09 21:46:07 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m3hk9gci.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011/01/27 18:19:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m3hk9gci.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/01/28 14:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PROPRIÃ©TAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3HK9GCI.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PROPRIÃ©TAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3HK9GCI.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PROPRIÃ©TAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3HK9GCI.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PROPRIÃ©TAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3HK9GCI.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PROPRIÃ©TAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3HK9GCI.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}

[2009/09/22 20:53:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/12/22 17:34:29 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/12/10 21:03:39 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/12/10 21:03:39 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/12/10 21:03:39 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2009/09/25 04:41:11 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml

[2010/12/10 21:03:39 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/12/10 21:03:39 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/01/25 21:55:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [AME_CSA] C:\WINDOWS\System32\AmeCSA.cpl (Alcatel Microelectronics)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\.DEFAULT..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKU\S-1-5-18..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Color Calibration.lnk = C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1390067357-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm ()

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Stm Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/22 17:03:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

SafeBootMin: AppMgmt - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/28 18:56:19 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe

[2011/01/28 13:16:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/01/25 22:27:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/01/25 21:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/01/25 21:46:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/01/25 21:46:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/01/25 21:46:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/01/25 21:46:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/01/25 21:45:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/01/25 21:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/01/25 21:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/01/25 13:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Downloads

[2011/01/24 20:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\new zik

[2011/01/20 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype

[2011/01/18 15:09:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Propriétaire\Recent

[2011/01/04 21:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2011/01/03 20:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2011/01/01 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2011/01/01 21:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\assembly

[2011/01/01 21:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\assembly

[2011/01/01 21:30:23 | 000,197,632 | ---- | C] (Dino Chiesa) -- C:\WINDOWS\System32\Ionic.Zip.Reduced.dll

[2011/01/01 16:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft

[2011/01/01 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner

[2010/04/22 22:02:34 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll

[2010/04/22 22:02:34 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll

[2010/04/22 22:02:34 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll

[2010/04/22 22:02:33 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll

[2010/04/22 22:02:33 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll

[2010/04/22 22:02:32 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll

[2010/04/22 22:02:32 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll

[2010/04/22 22:02:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll

[2010/04/22 22:02:30 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll

[2010/04/22 22:02:28 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll

[2010/04/22 22:02:28 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll

[2010/03/23 19:47:16 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll

[2009/09/22 21:08:23 | 004,300,800 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Propriétaire\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Propriétaire\Local Settings\Application Data\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/28 21:03:47 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{193EBDFA-13AF-4DDC-8D6A-C9AFF35C7031}.job

[2011/01/28 20:33:00 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/28 20:25:23 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/28 18:56:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe

[2011/01/28 15:33:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/28 11:59:44 | 000,000,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2011/01/28 11:58:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/26 21:06:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/01/26 21:04:41 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Propriétaire\defogger_reenable

[2011/01/25 21:55:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2011/01/25 21:55:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/01/25 21:51:20 | 000,000,344 | RHS- | M] () -- C:\boot.ini

[2011/01/25 19:43:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk

[2011/01/20 18:47:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/01/16 00:12:38 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/01/15 12:15:58 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Google Chrome.lnk

[2011/01/15 12:15:58 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/01/13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/01/13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/01/13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/01/13 09:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/01/13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/01/12 22:25:55 | 000,281,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2011/01/12 22:25:55 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2011/01/10 19:21:17 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Allods Online.lnk

[2011/01/01 23:21:46 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Mes documents\ax_files.xml

[2011/01/01 20:36:55 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2010/12/30 19:34:33 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Raccourci vers Comptes 2011.lnk

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Propriétaire\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Propriétaire\Local Settings\Application Data\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/26 21:04:36 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Propriétaire\defogger_reenable

[2011/01/25 21:51:20 | 000,000,228 | ---- | C] () -- C:\Boot.bak

[2011/01/25 21:51:16 | 000,263,488 | RHS- | C] () -- C:\cmldr

[2011/01/25 21:46:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/01/25 21:46:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/01/25 21:46:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/01/25 21:46:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/01/25 21:46:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/01/12 22:25:55 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2011/01/12 22:25:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2011/01/10 19:21:17 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Allods Online.lnk

[2011/01/01 20:36:55 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2010/12/30 19:34:33 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Raccourci vers Comptes 2011.lnk

[2010/12/22 17:34:28 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys

[2010/09/06 19:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2010/08/20 16:42:25 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/07/14 00:30:20 | 000,000,018 | ---- | C] () -- C:\WINDOWS\avi2divx.INI

[2010/04/22 22:03:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll

[2010/04/22 22:03:40 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll

[2010/04/22 22:02:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini

[2010/04/22 22:02:34 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll

[2010/04/22 22:02:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll

[2010/04/22 19:10:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI

[2010/04/04 20:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2010/03/28 19:50:34 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat

[2010/02/24 20:58:47 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\AVSMediaPlayer.m3u

[2010/01/25 22:33:31 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini

[2010/01/03 21:03:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/09 22:03:43 | 000,000,145 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI

[2009/11/09 15:45:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\MultLang.dll

[2009/11/09 15:45:00 | 000,004,408 | ---- | C] () -- C:\WINDOWS\System32\FileList.ini

[2009/11/09 15:45:00 | 000,003,059 | ---- | C] () -- C:\WINDOWS\System32\AmeCfg.ini

[2009/11/09 15:45:00 | 000,000,312 | ---- | C] () -- C:\WINDOWS\System32\Gains.ini

[2009/11/09 15:44:59 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\WipCfg.ini

[2009/10/12 21:59:33 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/30 17:55:48 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys

[2009/09/30 17:55:48 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll

[2009/09/30 17:55:47 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll

[2009/09/30 17:55:47 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys

[2009/09/30 17:55:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2009/09/25 19:53:09 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini

[2009/09/25 19:53:09 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini

[2009/09/22 19:15:31 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/09/22 19:14:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini

[2009/09/22 18:53:57 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/09/22 18:45:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2009/09/22 17:57:42 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\fusioncache.dat

[2009/09/22 17:27:36 | 000,025,294 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys

[2009/09/22 17:23:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/05/26 21:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 21:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 21:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2005/09/06 14:42:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2004/08/05 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/06/09 22:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper

[2010/06/16 18:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/09/06 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2009/09/25 16:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2010/06/27 22:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon

[2010/06/02 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/08/08 12:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/21 19:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/09/22 19:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2010/12/10 21:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/12/10 14:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\.purple

[2010/07/05 23:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Astro Gemini Software

[2010/11/06 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\CheckPoint

[2010/12/09 23:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\enchant

[2009/09/23 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\EPSON

[2010/06/14 19:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Facebook

[2010/12/09 23:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0

[2009/09/22 19:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\InterTrust

[2010/12/10 19:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Miranda

[2010/10/22 16:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\OneSwarm

[2009/09/22 20:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org

[2010/11/16 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\SystemRequirementsLab

[2010/03/25 17:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TeamViewer

[2010/09/06 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Teleca

[2009/10/25 13:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\The Creative Assembly

[2010/07/21 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TomTom

[2010/12/26 22:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TS3Client

[2009/09/27 16:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Windows Desktop Search

[2009/09/28 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Windows Search

[2011/01/23 23:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\XnView

[2011/01/28 21:03:47 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{193EBDFA-13AF-4DDC-8D6A-C9AFF35C7031}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\spdt.* /s >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/10/06 17:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/09/22 18:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2010/06/09 22:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper

[2010/06/16 18:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/02/24 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2010/09/06 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2011/01/02 21:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESTsoft

[2011/01/03 20:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/09/25 16:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2009/09/22 21:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/01/12 22:23:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2011/01/12 18:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2010/04/04 20:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero

[2010/06/27 22:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon

[2010/02/09 22:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/06/02 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2011/01/20 13:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/09/06 20:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2010/03/30 23:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/08/08 12:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/21 19:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/09/22 19:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2009/09/22 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2010/12/10 21:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/10/19 20:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2010/12/13 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2010/10/07 06:43:28 | 000,365,912 | ---- | M] (ESTsoft Corp.) -- C:\Documents and Settings\All Users\Application Data\ESTsoft\ALAuth\AuthSerialReg.exe

[2010/04/27 05:20:44 | 000,374,104 | ---- | M] (ESTsoft corp.) -- C:\Documents and Settings\All Users\Application Data\ESTsoft\ALCM\ALCMUpdate.exe

[2011/01/01 22:07:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

[2010/09/01 07:53:54 | 001,861,000 | ---- | M] (Nexon Corp.) -- C:\Documents and Settings\All Users\Application Data\Nexon\Common\NMService.exe

< %APPDATA%\*. >

[2010/12/10 14:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\.purple

[2009/09/24 17:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Adobe

[2010/07/05 23:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Astro Gemini Software

[2009/09/22 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ATI

[2010/11/06 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\CheckPoint

[2009/09/22 19:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Creative

[2011/01/28 20:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\dvdcss

[2010/12/09 23:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\enchant

[2009/09/23 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\EPSON

[2011/01/02 21:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ESTsoft

[2010/06/14 19:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Facebook

[2010/08/06 15:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Google

[2010/12/09 23:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0

[2010/04/29 18:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Help

[2009/09/22 17:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Identities

[2009/09/22 19:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\InterTrust

[2009/09/22 21:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Lavasoft

[2009/09/22 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Macromedia

[2009/09/22 21:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes

[2010/06/09 21:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Media Player Classic

[2010/08/26 11:48:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft

[2010/12/10 19:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Miranda

[2010/11/06 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla

[2010/01/03 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Nero

[2010/10/22 16:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\OneSwarm

[2009/09/22 20:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org

[2010/12/09 23:08:08 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\SecuROM

[2011/01/26 23:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Skype

[2011/01/26 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\skypePM

[2010/09/06 19:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Sony Ericsson

[2009/09/22 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Sun

[2010/11/16 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\SystemRequirementsLab

[2009/10/12 19:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\teamspeak2

[2010/03/25 17:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TeamViewer

[2010/09/06 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Teleca

[2009/10/25 13:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\The Creative Assembly

[2010/07/21 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TomTom

[2010/12/26 22:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TS3Client

[2011/01/28 20:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\vlc

[2009/09/27 16:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Windows Desktop Search

[2009/09/28 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Windows Search

[2010/08/20 17:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\WinRAR

[2011/01/23 23:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\XnView

[2010/12/13 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Yahoo!

< %APPDATA%\*.exe /s >

[2010/06/14 19:01:59 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Propriétaire\Application Data\Facebook\uninstall.exe

[2010/04/22 19:16:23 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{9BBE1474-DA14-4309-AD6E-75673873EB5D}\wwicon.exe

[2010/04/28 18:36:46 | 000,004,710 | R--- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{F93F0793-AE93-4C61-8F46-CD5A0C3A9038}\ARPPRODUCTICON.exe

[2010/04/28 18:36:46 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{F93F0793-AE93-4C61-8F46-CD5A0C3A9038}\FlexiPoints.exe1_F93F0793AE934C618F46CD5A0C3A9038.exe

[2010/04/28 18:36:46 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{F93F0793-AE93-4C61-8F46-CD5A0C3A9038}\FlexiPoints.exe_F93F0793AE934C618F46CD5A0C3A9038.exe

[2010/04/28 18:36:46 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{F93F0793-AE93-4C61-8F46-CD5A0C3A9038}\UNINST_Deinstalliere_F93F0793AE934C618F46CD5A0C3A9038.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:cdrom.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[2004/08/05 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CHANGER.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:Changer.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys

[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

[2004/08/03 22:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: DISK.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys

[2004/08/05 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys

[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >

[2004/08/19 15:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >

[2004/08/19 15:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NDIS.SYS >

[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2004/08/05 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/19 15:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >

[2004/12/07 09:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: RASACD.SYS >

[2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys

[2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

< MD5 for: RDPWD.SYS >

[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys

[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys

[2004/08/05 13:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys

< MD5 for: SCECLI.DLL >

[2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFLOPPY.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:Sfloppy.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys

[2004/08/05 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys

[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys

[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys

< MD5 for: SPLITTER.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:splitter.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys

[2004/08/03 22:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys

[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys

[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys

< MD5 for: SWMIDI.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:swmidi.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys

[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys

[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys

[2001/08/17 21:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys

< MD5 for: TCPIP.SYS >

[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=4AFB3B0919649F95C1964AA1FAD27D73 -- C:\WINDOWS\system32\drivers\tcpip.sys

[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2004/08/05 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys

[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: TDPIPE.SYS >

[2004/08/05 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys

[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys

[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys

< MD5 for: TDTCP.SYS >

[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys

[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys

[2004/08/05 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys

< MD5 for: USBPRINT.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbprint.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys

[2004/08/03 22:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys

[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys

[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys

< MD5 for: USBSCAN.SYS >

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbscan.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys

[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys

[2009/09/23 00:03:54 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys

[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys

[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys

[2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys

< MD5 for: USERINIT.EXE >

[2004/08/19 15:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/19 15:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >

2em rapport: