Blue screen and crash after Avast
Benjamin12345 - Posts: 8 - Status: Member
Destrio5 - Posts: 99820 - Status: Moderator
Hello everyone,
I have a rather annoying problem with my HP laptop, running Vista.
After quite a few problems with "recurring" viruses, I deleted infected files with Avast antivirus.
Now when I turn on my PC, two messages appear telling me that "the specified modules could not be found"; they are these files:
C:\User\Monprénom\AppData\Local\Uxagepuw.dll
and
C:\User\Monprénom\AppData\Local\csrv32.dll
Then my computer goes to the famous blue screen with white text, and restarts.
However, this problem does not occur when I start in safe mode.
Thank you very much for your help!!!
Benjamin
10 replies
That's fairly limited.
Either you reinstall your PC (not forgetting to back up whatever you want), or you try this to produce a scan report for me:
https://forum.malekal.com/viewtopic.php?t=23453&start=
Hello,
--> Follow the procedure below and post the report:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Hello,
I can't manage to launch the installation of the software (which I downloaded from another computer) in safe mode; is there a particular trick to it?
Maybe a virus is blocking the installation.
Let's try something else.
--> Download OTL (by OldTimer) to your Desktop.
--> Double-click OTL to launch it.
(On Vista/Win7, you need to right-click OTL and choose Run as administrator)
--> A window appears. In the Output section at the top of this window, check Minimal Output.
--> Also check the boxes next to LOP Check and Purity Check.
--> Finally, click the Run Scan button. The scan does not take long.
--> Once the scan has finished, two Notepad windows will open: OTL.txt and Extras.txt. They are located in the same place as OTL.
To send me the reports:
--> Click on this link: http://www.cijoint.fr/
--> Click Parcourir... (Browse) and find the report file you want to send me.
--> Click Ouvrir (Open).
--> Click Cliquez ici pour déposer le fichier (Click here to upload the file).
--> A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
--> Copy and paste this link into your reply.
Thanks for your help Destrio, but I'm in safe mode and I can't launch anything at all... no matter how much I click and click again, or run as administrator... nothing happens....
I can open PDF documents. Copy, cut and paste files, but that's about it. I'm actually writing from another computer.
Here it is at last! :)
OTL logfile created on: 5/4/2011 6:39:48 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16757)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.63 Gb Total Space | 52.44 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 2.20 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
Drive E: | 3.94 Gb Total Space | 1.76 Gb Free Space | 44.78% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto] -- -- (DigiRefresh)
SRV - [2011/04/03 19:16:14 | 000,042,496 | ---- | M] ( ) [Auto] -- C:\Windows\TEMP\pgyf\setup.exe -- (AMService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/05/25 04:41:54 | 000,099,248 | ---- | M] () [Auto] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:38 | 000,537,520 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/04/21 21:14:19 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/28 11:45:38 | 000,118,877 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 11:45:34 | 000,270,431 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/09 08:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/02 08:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand] -- C:\Windows\System32\dlcjcoms.exe -- (dlcj_device)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/01/03 18:42:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 07:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 07:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 07:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/09/08 08:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/10/02 16:55:42 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071002.003\IDSvix86.sys -- (IDSvix86)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\MediaCoder iPod Edition\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/21 04:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071007.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/09/21 04:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/09/21 04:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071007.006\NAVENG.SYS -- (NAVENG)
DRV - [2007/04/21 21:16:11 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/01/11 20:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 20:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 20:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 16:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 16:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 16:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 16:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 16:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 16:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/01/03 09:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/30 04:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 12:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/06/28 03:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/07/30 06:02:54 | 000,017,277 | ---- | M] (Frontier Design Group) [Kernel | On_Demand] -- C:\Windows\System32\drivers\US122DL.sys -- (US122DL)
DRV - [2004/07/30 05:49:30 | 000,086,648 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\US122Wdm.sys -- (Us122WdmService)
DRV - [2004/07/30 05:49:10 | 000,217,472 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\US122.sys -- (US122)
DRV - [2000/03/18 11:06:00 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\NSynas32.sys -- (Nsynas32)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
Hosts file not found
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKU\Benjamin_ON_C\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\Benjamin_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DigidesignMMERefresh] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AMService] C:\Windows\Temp\pgyf\setup.exe ( )
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/21 21:55:46 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0f8694b5-b21c-11dd-b290-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{0f8694b5-b21c-11dd-b290-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{1ea2eaa2-2367-11de-aaaf-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{1ea2eaa2-2367-11de-aaaf-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{23b60d97-2337-11dd-9930-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{23b60d97-2337-11dd-9930-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{23b60d9c-2337-11dd-9930-001b245547a8}\Shell - "" = AutoRun
O33 - MountPoints2\{23b60d9c-2337-11dd-9930-001b245547a8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{6d92ef04-a8b6-11dc-b307-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{6d92ef04-a8b6-11dc-b307-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{735634e7-2fdd-11dd-8ce7-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{735634e7-2fdd-11dd-8ce7-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{a2da14ae-edd5-11dc-a8b3-001b245547a8}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{a2da14ae-edd5-11dc-a8b3-001b245547a8}\Shell\explore\Command - "" = RECYCLED\INFO.exe
O33 - MountPoints2\{a2da14ae-edd5-11dc-a8b3-001b245547a8}\Shell\open\Command - "" = RECYCLED\INFO.exe
O33 - MountPoints2\{a8543ed4-338a-11de-ad2a-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{a8543ed4-338a-11de-ad2a-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{ccbcb2a6-0908-11dd-8b88-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\{e49e1e4f-43d7-11de-9ea7-fef2f170d09f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{e49e1e4f-43d7-11de-9ea7-fef2f170d09f}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{ebb6063e-abd8-11dc-a3a0-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycled\ctfmon.exe
O33 - MountPoints2\{ebb6063e-abd8-11dc-a3a0-001b245547a8}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycled\ctfmon.exe
O33 - MountPoints2\G\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/05/04 07:55:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/15 09:05:28 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\de clé USB
[2011/04/05 11:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/05 11:23:23 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/05 11:23:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/05 11:23:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/05 11:23:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/01/21 14:55:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2009/01/21 14:55:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2009/01/21 14:55:03 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2009/01/21 14:55:02 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2009/01/21 14:55:02 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2009/01/21 14:55:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2009/01/21 14:55:01 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2009/01/21 14:55:01 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2009/01/21 14:55:00 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2009/01/21 14:54:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2009/01/21 14:54:58 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2009/01/21 14:54:57 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2009/01/21 14:54:56 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2009/01/21 14:54:56 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2009/01/21 14:54:56 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/05/04 09:27:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 08:19:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/04 08:07:24 | 000,001,356 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2011/05/04 07:57:09 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/05/04 07:39:04 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 06:57:13 | 000,689,846 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/04 06:57:13 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/04 06:57:13 | 000,116,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/04 06:57:13 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/04 06:55:12 | 000,580,608 | ---- | M] () -- C:\Users\Benjamin\Desktop\OTL.exe
[2011/04/18 05:12:42 | 000,002,447 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/17 15:44:14 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/17 15:44:06 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/04/17 15:05:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 15:05:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/16 13:50:19 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{288B26C9-3047-4D3B-B290-0B00DA97DCF4}.job
[2011/04/16 13:36:05 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/16 13:32:38 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/15 05:47:56 | 000,000,000 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\Aromijukijaduxo.bin
[2011/04/13 07:03:19 | 000,405,451 | ---- | M] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi2.jpg
[2011/04/13 07:00:15 | 000,001,101 | ---- | M] () -- C:\Users\Benjamin\Documents\Lettre de motiv'.lnk
[2011/04/13 07:00:00 | 000,404,290 | ---- | M] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi.jpg
[2011/04/11 14:00:03 | 000,000,588 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Analyse système complète - Benjamin.job
[2011/04/10 19:16:11 | 000,122,880 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:25:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/07 18:51:12 | 000,000,120 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\Tjiti.dat
[2011/04/07 05:26:47 | 000,002,627 | ---- | M] () -- C:\Users\Benjamin\Desktop\Microsoft Office Word 2007.lnk
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/05/04 06:55:06 | 000,580,608 | ---- | C] () -- C:\Users\Benjamin\Desktop\OTL.exe
[2011/04/17 15:44:14 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/17 15:15:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/17 15:06:08 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/13 07:02:31 | 000,405,451 | ---- | C] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi2.jpg
[2011/04/13 07:00:00 | 000,404,290 | ---- | C] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi.jpg
[2011/04/03 14:53:48 | 000,001,356 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2011/01/23 14:49:01 | 000,000,120 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\Tjiti.dat
[2011/01/23 14:49:01 | 000,000,000 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\Aromijukijaduxo.bin
[2010/05/09 12:15:48 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2010/01/03 11:03:00 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/12/30 08:26:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AudioEncoderEnum.dll
[2009/04/14 05:42:51 | 000,000,238 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/01/21 14:56:06 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2009/01/21 14:55:04 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2009/01/21 14:54:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2008/08/28 10:05:37 | 000,008,373 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/16 08:21:36 | 000,000,115 | ---- | C] () -- C:\Users\Benjamin\AppData\default.pls
[2008/05/03 05:01:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2008/04/14 06:09:09 | 000,000,440 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\wklnhst.dat
[2008/04/10 17:30:05 | 000,028,160 | ---- | C] () -- C:\Windows\UnSetup.exe
[2008/04/10 16:54:01 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Skel32.dll
[2008/04/10 16:54:01 | 000,003,584 | ---- | C] () -- C:\Windows\System32\SKELETON.DLL
[2008/04/08 06:10:05 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/03/26 06:33:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/26 06:24:15 | 005,927,424 | ---- | C] () -- C:\Windows\System32\Drs732.dll
[2008/03/21 06:32:36 | 000,161,792 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/03/21 06:32:29 | 000,000,001 | ---- | C] () -- C:\Windows\hlp-fastamr.dll
[2008/02/14 08:27:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcjvs.dll
[2008/02/12 14:28:02 | 000,000,604 | -H-- | C] () -- C:\ProgramData\T2
[2008/02/12 14:28:02 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/02/12 09:59:24 | 000,000,153 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2008/02/12 09:58:13 | 000,021,504 | ---- | C] () -- C:\Windows\unvise32.dll
[2007/12/01 08:33:43 | 000,027,043 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\UserTile.png
[2007/09/27 14:25:45 | 000,067,584 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\CDRusersDB.v12
[2007/09/11 03:52:02 | 000,122,880 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/21 21:46:55 | 000,111,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/28 09:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/02/22 06:14:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007/02/22 04:50:42 | 000,245,760 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/01/23 14:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 12:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/12/13 17:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 17:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 11:48:33 | 000,689,846 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 11:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 11:48:33 | 000,116,988 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 11:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,548,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,532 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/24 13:18:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dlcjinsr.dll
[2005/08/24 13:18:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcjcur.dll
[2005/08/24 13:18:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcjjswr.dll
[2005/08/17 03:25:24 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcjinsb.dll
[2005/08/17 03:25:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcjcub.dll
[2005/08/17 03:25:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcjcu.dll
[2005/08/17 03:25:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlcjins.dll
[2005/08/17 03:24:04 | 000,430,080 | ---- | C] () -- C:\Windows\System32\dlcjutil.dll
[2005/07/12 17:37:04 | 000,630,784 | ---- | C] () -- C:\Windows\System32\dlcjpmui.dll
[2005/07/12 17:36:12 | 001,183,744 | ---- | C] () -- C:\Windows\System32\dlcjserv.dll
[2005/07/12 17:34:22 | 000,491,520 | ---- | C] () -- C:\Windows\System32\dlcjlmpm.dll
[2005/07/12 17:34:06 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlcjcomm.dll
[2005/07/12 17:34:00 | 000,368,640 | ---- | C] () -- C:\Windows\System32\dlcjcfg.exe
[2005/07/12 17:33:18 | 000,372,736 | ---- | C] () -- C:\Windows\System32\dlcjih.exe
[2005/07/12 17:33:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlcjpplc.dll
[2005/07/12 17:33:02 | 000,491,520 | ---- | C] () -- C:\Windows\System32\dlcjcoms.exe
[2005/07/12 17:32:40 | 000,704,512 | ---- | C] () -- C:\Windows\System32\dlcjcomc.dll
[2005/07/12 17:32:20 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlcjprox.dll
[2005/07/12 17:29:46 | 001,122,304 | ---- | C] () -- C:\Windows\System32\dlcjusb1.dll
[2005/07/12 17:28:22 | 000,770,048 | ---- | C] () -- C:\Windows\System32\dlcjhbn3.dll
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcjcfg.dll
[2005/05/08 00:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/12/17 12:14:44 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
========== LOP Check ==========
[2009/10/11 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Broad Intelligence
[2010/01/04 07:12:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2009/08/18 12:45:56 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Firaxis Games
[2008/05/16 08:53:42 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\foobar2000
[2011/03/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GetRightToGo
[2008/03/12 06:14:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Grisbi
[2009/01/28 06:24:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Hide IP NG
[2009/01/21 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Lexmark Productivity Studio
[2009/02/18 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\LimeWire
[2007/11/04 06:42:29 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\muvee Technologies
[2009/08/18 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\My Games
[2009/06/02 11:51:52 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2010/01/03 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PACE Anti-Piracy
[2007/12/01 08:33:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PeerNetworking
[2010/01/04 08:03:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Steinberg
[2008/04/14 06:09:10 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Template
[2010/05/09 12:16:40 | 000,000,000 | ---D | M] -- C:\ProgramData\A-PDF
[2009/02/10 09:59:57 | 000,000,000 | ---D | M] -- C:\ProgramData\App4rTemp
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2010/01/04 06:13:05 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/02/09 19:28:19 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2010/06/15 06:36:11 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2008/04/09 11:39:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2007/11/04 06:42:18 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2010/01/03 11:31:02 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2007/09/11 07:26:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2009/01/17 20:02:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Scan-eDoc
[2010/01/04 07:23:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Steinberg
[2007/11/04 06:42:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2010/01/04 07:57:27 | 000,000,000 | ---D | M] -- C:\ProgramData\VST3 Presets
[2011/01/02 08:15:22 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/07 05:44:59 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/16 14:47:23 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/16 13:50:19 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{288B26C9-3047-4D3B-B290-0B00DA97DCF4}.job
========== Purity Check ==========
========== Custom Scans ==========
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
< %SYSTEMDRIVE%\*.exe >
OTL logfile created on: 5/4/2011 6:39:48 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16757)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.63 Gb Total Space | 52.44 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 2.20 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
Drive E: | 3.94 Gb Total Space | 1.76 Gb Free Space | 44.78% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (DigiRefresh)
SRV - [2011/04/03 19:16:14 | 000,042,496 | ---- | M] ( ) [Auto] -- C:\Windows\TEMP\pgyf\setup.exe -- (AMService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/05/25 04:41:54 | 000,099,248 | ---- | M] () [Auto] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:38 | 000,537,520 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/04/21 21:14:19 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/28 11:45:38 | 000,118,877 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 11:45:34 | 000,270,431 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/09 08:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/02 08:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand] -- C:\Windows\System32\dlcjcoms.exe -- (dlcj_device)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/01/03 18:42:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 07:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 07:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 07:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/09/08 08:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/10/02 16:55:42 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071002.003\IDSvix86.sys -- (IDSvix86)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\MediaCoder iPod Edition\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/21 04:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071007.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/09/21 04:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/09/21 04:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071007.006\NAVENG.SYS -- (NAVENG)
DRV - [2007/04/21 21:16:11 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/01/11 20:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 20:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 20:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 16:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 16:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 16:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 16:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 16:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 16:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/01/03 09:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/30 04:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 12:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/06/28 03:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/07/30 06:02:54 | 000,017,277 | ---- | M] (Frontier Design Group) [Kernel | On_Demand] -- C:\Windows\System32\drivers\US122DL.sys -- (US122DL)
DRV - [2004/07/30 05:49:30 | 000,086,648 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\US122Wdm.sys -- (Us122WdmService)
DRV - [2004/07/30 05:49:10 | 000,217,472 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\US122.sys -- (US122)
DRV - [2000/03/18 11:06:00 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\NSynas32.sys -- (Nsynas32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
Hosts file not found
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKU\Benjamin_ON_C\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\Benjamin_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DigidesignMMERefresh] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AMService] C:\Windows\Temp\pgyf\setup.exe ( )
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/21 21:55:46 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0f8694b5-b21c-11dd-b290-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{0f8694b5-b21c-11dd-b290-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{1ea2eaa2-2367-11de-aaaf-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{1ea2eaa2-2367-11de-aaaf-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{23b60d97-2337-11dd-9930-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{23b60d97-2337-11dd-9930-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{23b60d9c-2337-11dd-9930-001b245547a8}\Shell - "" = AutoRun
O33 - MountPoints2\{23b60d9c-2337-11dd-9930-001b245547a8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{6d92ef04-a8b6-11dc-b307-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{6d92ef04-a8b6-11dc-b307-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{735634e7-2fdd-11dd-8ce7-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{735634e7-2fdd-11dd-8ce7-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{a2da14ae-edd5-11dc-a8b3-001b245547a8}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{a2da14ae-edd5-11dc-a8b3-001b245547a8}\Shell\explore\Command - "" = RECYCLED\INFO.exe
O33 - MountPoints2\{a2da14ae-edd5-11dc-a8b3-001b245547a8}\Shell\open\Command - "" = RECYCLED\INFO.exe
O33 - MountPoints2\{a8543ed4-338a-11de-ad2a-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{a8543ed4-338a-11de-ad2a-001b245547a8}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{ccbcb2a6-0908-11dd-8b88-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\{e49e1e4f-43d7-11de-9ea7-fef2f170d09f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled\ctfmon.exe
O33 - MountPoints2\{e49e1e4f-43d7-11de-9ea7-fef2f170d09f}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{ebb6063e-abd8-11dc-a3a0-001b245547a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycled\ctfmon.exe
O33 - MountPoints2\{ebb6063e-abd8-11dc-a3a0-001b245547a8}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycled\ctfmon.exe
O33 - MountPoints2\G\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/04 07:55:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/15 09:05:28 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\de clé USB
[2011/04/05 11:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/05 11:23:23 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/05 11:23:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/05 11:23:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/05 11:23:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/01/21 14:55:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2009/01/21 14:55:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2009/01/21 14:55:03 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2009/01/21 14:55:02 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2009/01/21 14:55:02 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2009/01/21 14:55:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2009/01/21 14:55:01 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2009/01/21 14:55:01 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2009/01/21 14:55:00 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2009/01/21 14:54:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2009/01/21 14:54:58 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2009/01/21 14:54:57 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2009/01/21 14:54:56 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2009/01/21 14:54:56 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2009/01/21 14:54:56 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/04 09:27:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 08:19:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/04 08:07:24 | 000,001,356 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2011/05/04 07:57:09 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/05/04 07:39:04 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 06:57:13 | 000,689,846 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/04 06:57:13 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/04 06:57:13 | 000,116,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/04 06:57:13 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/04 06:55:12 | 000,580,608 | ---- | M] () -- C:\Users\Benjamin\Desktop\OTL.exe
[2011/04/18 05:12:42 | 000,002,447 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/17 15:44:14 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/17 15:44:06 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/04/17 15:05:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 15:05:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/16 13:50:19 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{288B26C9-3047-4D3B-B290-0B00DA97DCF4}.job
[2011/04/16 13:36:05 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/16 13:32:38 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/15 05:47:56 | 000,000,000 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\Aromijukijaduxo.bin
[2011/04/13 07:03:19 | 000,405,451 | ---- | M] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi2.jpg
[2011/04/13 07:00:15 | 000,001,101 | ---- | M] () -- C:\Users\Benjamin\Documents\Lettre de motiv'.lnk
[2011/04/13 07:00:00 | 000,404,290 | ---- | M] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi.jpg
[2011/04/11 14:00:03 | 000,000,588 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Analyse système complète - Benjamin.job
[2011/04/10 19:16:11 | 000,122,880 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:25:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/07 18:51:12 | 000,000,120 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\Tjiti.dat
[2011/04/07 05:26:47 | 000,002,627 | ---- | M] () -- C:\Users\Benjamin\Desktop\Microsoft Office Word 2007.lnk
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/04 06:55:06 | 000,580,608 | ---- | C] () -- C:\Users\Benjamin\Desktop\OTL.exe
[2011/04/17 15:44:14 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/17 15:15:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/17 15:06:08 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/13 07:02:31 | 000,405,451 | ---- | C] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi2.jpg
[2011/04/13 07:00:00 | 000,404,290 | ---- | C] () -- C:\Users\Benjamin\Documents\Scan Ursula-moi.jpg
[2011/04/03 14:53:48 | 000,001,356 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2011/01/23 14:49:01 | 000,000,120 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\Tjiti.dat
[2011/01/23 14:49:01 | 000,000,000 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\Aromijukijaduxo.bin
[2010/05/09 12:15:48 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2010/01/03 11:03:00 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/12/30 08:26:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AudioEncoderEnum.dll
[2009/04/14 05:42:51 | 000,000,238 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/01/21 14:56:06 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2009/01/21 14:55:04 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2009/01/21 14:54:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2008/08/28 10:05:37 | 000,008,373 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/16 08:21:36 | 000,000,115 | ---- | C] () -- C:\Users\Benjamin\AppData\default.pls
[2008/05/03 05:01:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2008/04/14 06:09:09 | 000,000,440 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\wklnhst.dat
[2008/04/10 17:30:05 | 000,028,160 | ---- | C] () -- C:\Windows\UnSetup.exe
[2008/04/10 16:54:01 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Skel32.dll
[2008/04/10 16:54:01 | 000,003,584 | ---- | C] () -- C:\Windows\System32\SKELETON.DLL
[2008/04/08 06:10:05 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/03/26 06:33:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/26 06:24:15 | 005,927,424 | ---- | C] () -- C:\Windows\System32\Drs732.dll
[2008/03/21 06:32:36 | 000,161,792 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/03/21 06:32:29 | 000,000,001 | ---- | C] () -- C:\Windows\hlp-fastamr.dll
[2008/02/14 08:27:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcjvs.dll
[2008/02/12 14:28:02 | 000,000,604 | -H-- | C] () -- C:\ProgramData\T2
[2008/02/12 14:28:02 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/02/12 09:59:24 | 000,000,153 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2008/02/12 09:58:13 | 000,021,504 | ---- | C] () -- C:\Windows\unvise32.dll
[2007/12/01 08:33:43 | 000,027,043 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\UserTile.png
[2007/09/27 14:25:45 | 000,067,584 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\CDRusersDB.v12
[2007/09/11 03:52:02 | 000,122,880 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/21 21:46:55 | 000,111,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/28 09:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/02/22 06:14:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007/02/22 04:50:42 | 000,245,760 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/01/23 14:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 12:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/12/13 17:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 17:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 11:48:33 | 000,689,846 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 11:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 11:48:33 | 000,116,988 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 11:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,548,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,532 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/24 13:18:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dlcjinsr.dll
[2005/08/24 13:18:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcjcur.dll
[2005/08/24 13:18:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcjjswr.dll
[2005/08/17 03:25:24 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcjinsb.dll
[2005/08/17 03:25:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcjcub.dll
[2005/08/17 03:25:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcjcu.dll
[2005/08/17 03:25:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlcjins.dll
[2005/08/17 03:24:04 | 000,430,080 | ---- | C] () -- C:\Windows\System32\dlcjutil.dll
[2005/07/12 17:37:04 | 000,630,784 | ---- | C] () -- C:\Windows\System32\dlcjpmui.dll
[2005/07/12 17:36:12 | 001,183,744 | ---- | C] () -- C:\Windows\System32\dlcjserv.dll
[2005/07/12 17:34:22 | 000,491,520 | ---- | C] () -- C:\Windows\System32\dlcjlmpm.dll
[2005/07/12 17:34:06 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlcjcomm.dll
[2005/07/12 17:34:00 | 000,368,640 | ---- | C] () -- C:\Windows\System32\dlcjcfg.exe
[2005/07/12 17:33:18 | 000,372,736 | ---- | C] () -- C:\Windows\System32\dlcjih.exe
[2005/07/12 17:33:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlcjpplc.dll
[2005/07/12 17:33:02 | 000,491,520 | ---- | C] () -- C:\Windows\System32\dlcjcoms.exe
[2005/07/12 17:32:40 | 000,704,512 | ---- | C] () -- C:\Windows\System32\dlcjcomc.dll
[2005/07/12 17:32:20 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlcjprox.dll
[2005/07/12 17:29:46 | 001,122,304 | ---- | C] () -- C:\Windows\System32\dlcjusb1.dll
[2005/07/12 17:28:22 | 000,770,048 | ---- | C] () -- C:\Windows\System32\dlcjhbn3.dll
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcjcfg.dll
[2005/05/08 00:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/12/17 12:14:44 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
[color=#E56717]========== LOP Check ==========[/color]
[2009/10/11 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Broad Intelligence
[2010/01/04 07:12:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2009/08/18 12:45:56 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Firaxis Games
[2008/05/16 08:53:42 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\foobar2000
[2011/03/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GetRightToGo
[2008/03/12 06:14:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Grisbi
[2009/01/28 06:24:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Hide IP NG
[2009/01/21 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Lexmark Productivity Studio
[2009/02/18 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\LimeWire
[2007/11/04 06:42:29 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\muvee Technologies
[2009/08/18 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\My Games
[2009/06/02 11:51:52 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2010/01/03 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PACE Anti-Piracy
[2007/12/01 08:33:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PeerNetworking
[2010/01/04 08:03:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Steinberg
[2008/04/14 06:09:10 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Template
[2010/05/09 12:16:40 | 000,000,000 | ---D | M] -- C:\ProgramData\A-PDF
[2009/02/10 09:59:57 | 000,000,000 | ---D | M] -- C:\ProgramData\App4rTemp
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2010/01/04 06:13:05 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/02/09 19:28:19 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2010/06/15 06:36:11 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2008/04/09 11:39:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2007/09/11 03:10:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2007/11/04 06:42:18 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2010/01/03 11:31:02 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2007/09/11 07:26:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2009/01/17 20:02:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Scan-eDoc
[2010/01/04 07:23:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Steinberg
[2007/11/04 06:42:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2010/01/04 07:57:27 | 000,000,000 | ---D | M] -- C:\ProgramData\VST3 Presets
[2011/01/02 08:15:22 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/07 05:44:59 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/16 14:47:23 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/16 13:50:19 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{288B26C9-3047-4D3B-B290-0B00DA97DCF4}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007/04/21 22:02:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/04/21 22:02:09 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/04/21 22:02:09 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[color=#A23BEC]< MD5 for: ALG.EXE >[/color]
[2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=A1545B731579895D8CC44FC0481C1192 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-alg_31bf3856ad364e35_6.0.6001.18000_none_a8e952205b1e893c\alg.exe
[2006/11/02 05:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=E69FB0E3112C40FDC0EF7D21A52DC951 -- C:\Windows\System32\alg.exe
[2006/11/02 05:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=E69FB0E3112C40FDC0EF7D21A52DC951 -- C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.0.6000.16386_none_a6b290245e337868\alg.exe
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008/01/19 01:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006/11/02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006/11/02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[color=#A23BEC]< MD5 for: CSRSS.EXE >[/color]
[2006/11/02 05:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=117B7C8A8B026A5DCE5E3180ED05E823 -- C:\Windows\System32\csrss.exe
[2006/11/02 05:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=117B7C8A8B026A5DCE5E3180ED05E823 -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\csrss.exe
[2008/01/19 03:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
[color=#A23BEC]< MD5 for: CTFMON.EXE >[/color]
[2006/11/02 05:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 05:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\drivers\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2006/11/02 04:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006/11/02 04:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2008/02/25 22:06:50 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\drivers\i8042prt.sys
[2008/02/25 22:06:50 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2008/02/25 22:06:51 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2008/02/25 22:06:50 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2008/02/25 22:06:51 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys
[2008/02/25 22:06:50 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2008/02/25 22:06:50 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys
[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[color=#A23BEC]< MD5 for: INTELIDE.SYS >[/color]
[2008/01/19 03:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) MD5=83AA759F3189E6370C30DE5DC5590718 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\intelide.sys
[2006/11/02 05:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) MD5=97469037714070E45194ED318D636401 -- C:\Windows\System32\drivers\intelide.sys
[2006/11/02 05:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) MD5=97469037714070E45194ED318D636401 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\intelide.sys
[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color]
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\System32\drivers\mountmgr.sys
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6000.16386_none_f06162ca0a1ab2c0\mountmgr.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) MD5=BDAFC88AA6B92F7842416EA6A48E1600 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys
[color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color]
[2007/12/16 09:07:06 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=529B64F9735D27FEF1B8EA1678F8C79E -- C:\Windows\System32\drivers\mrxsmb.sys
[2007/12/16 09:07:06 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=529B64F9735D27FEF1B8EA1678F8C79E -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16586_none_7d5aaf055432589d\mrxsmb.sys
[2008/01/19 01:28:36 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C4AD205530888404E2B5FC8D9319B119 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18000_none_7f916d35511d6f23\mrxsmb.sys
[2007/12/16 09:07:06 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=DC5632CBC8A3D02CE1114DEBB64B7037 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.20709_none_7e3dcdf46d0c620b\mrxsmb.sys
[2006/11/02 04:31:21 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=FCA7563D87F71C6DB0182CA67CC19AA7 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16386_none_7d5aab3954325e4f\mrxsmb.sys
[color=#A23BEC]< MD5 for: MRXSMB10.SYS >[/color]
[2008/08/26 20:52:38 | 000,212,480 | ---- | M] (Microsoft Corporation) MD5=0883E1ADA541F4201ECAF63C29F2DCAC -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys
[2008/08/26 21:05:41 | 000,212,480 | ---- | M] (Microsoft Corporation) MD5=0A986B34F1678A2697574D7B1664E2DD -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys
[2008/08/25 21:11:59 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=2BBD3970018270D2C6A0B069F568154E -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008/08/25 21:11:59 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=2BBD3970018270D2C6A0B069F568154E -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys
[2006/11/02 04:31:27 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=58A9AB5754FA4CABEDE7401283B5A771 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16386_none_866dc98d4e839cb1\mrxsmb10.sys
[2008/01/19 01:28:42 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=67E55CED3FC143C82A8197988BFC1F9A -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18000_none_88a48b894b6ead85\mrxsmb10.sys
[2008/08/26 20:48:36 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=F813456C00B904DC3B6558CAD7B13BBA -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys
[color=#A23BEC]< MD5 for: MRXSMB20.SYS >[/color]
[2007/12/16 09:07:06 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=30A67C7D8B80281028916DED6A64AEC9 -- C:\Windows\System32\drivers\mrxsmb20.sys
[2007/12/16 09:07:06 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=30A67C7D8B80281028916DED6A64AEC9 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16586_none_88a4376b8cdaca70\mrxsmb20.sys
[2008/01/19 01:28:37 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=3268B8C3FA92BFC086355C39B45E9CC9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18000_none_8adaf59b89c5e0f6\mrxsmb20.sys
[2007/12/16 09:07:06 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=5334E68E89628A117255B936B204977F -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.20709_none_8987565aa5b4d3de\mrxsmb20.sys
[2006/11/02 04:31:17 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=79B09504E4A790104683722CD04F76B4 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16386_none_88a4339f8cdad022\mrxsmb20.sys
[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[color=#A23BEC]< MD5 for: RASACD.SYS >[/color]
[2008/01/19 01:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
[2006/11/02 04:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\System32\drivers\rasacd.sys
[2006/11/02 04:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasacd.sys
[color=#A23BEC]< MD5 for: RDPCDD.SYS >[/color]
[2006/11/02 05:02:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=794585276B5D7FCA9F3FC15543F9F0B9 -- C:\Windows\System32\drivers\RDPCDD.sys
[2006/11/02 05:02:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=794585276B5D7FCA9F3FC15543F9F0B9 -- C:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.0.6000.16386_none_d2a4621f4153e710\RDPCDD.sys
[2008/01/19 02:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=89E59BE9A564262A3FB6C4F4F1CD9899 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.0.6001.18000_none_d4db241b3e3ef7e4\RDPCDD.sys
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\System32\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[color=#A23BEC]< MD5 for: SMSS.EXE >[/color]
[2008/01/19 03:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2006/11/02 05:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\System32\smss.exe
[2006/11/02 05:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2008/01/19 03:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2006/11/02 05:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\System32\spoolsv.exe
[2006/11/02 05:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[color=#A23BEC]< MD5 for: STORPORT.SYS >[/color]
[2008/01/19 03:43:12 | 000,123,960 | ---- | M] (Microsoft Corporation) MD5=39AD2C7B9C05C1CCD12480890DBA4EB5 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-storport_31bf3856ad364e35_6.0.6001.18000_none_277c4ea9302ee5d3\Storport.sys
[2006/11/02 05:50:47 | 000,117,864 | ---- | M] (Microsoft Corporation) MD5=ED386E31D263448B2ED36D4839F2CA04 -- C:\Windows\System32\drivers\Storport.sys
[2006/11/02 05:50:47 | 000,117,864 | ---- | M] (Microsoft Corporation) MD5=ED386E31D263448B2ED36D4839F2CA04 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.0.6000.16386_none_25458cad3343d4ff\Storport.sys
[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[color=#A23BEC]< MD5 for: TCPIP.SYS >[/color]
[2008/01/11 08:01:03 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2008/01/11 08:01:03 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2008/02/25 22:04:47 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2008/02/25 22:04:47 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\System32\drivers\tcpip.sys
[2008/02/25 22:04:47 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2008/01/19 03:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[color=#A23BEC]< MD5 for: TERMDD.SYS >[/color]
[2006/11/02 05:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=2C549BD9DD091FBFAA0A2A48E82EC2FB -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\termdd.sys
[2007/04/21 22:02:08 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=7EFBF30D70818C972DA167AC34D6FC84 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\termdd.sys
[2007/04/21 22:02:08 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=85908DA29AF0AB835048107AD2AD07D1 -- C:\Windows\System32\drivers\termdd.sys
[2007/04/21 22:02:08 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=85908DA29AF0AB835048107AD2AD07D1 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\termdd.sys
[2007/04/21 22:02:08 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=85908DA29AF0AB835048107AD2AD07D1 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\termdd.sys
[2008/01/19 03:42:19 | 000,054,328 | ---- | M] (Microsoft Corporation) MD5=A048056F5E1A96A9BF3071B91741A5AA -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\termdd.sys
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[color=#A23BEC]< MD5 for: WIN32K.SYS >[/color]
[2007/12/02 06:54:30 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=00D35636A02BB4529A707FA4E0B7F957 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20537_none_b77d6655b68fe37f\win32k.sys
[2008/04/09 05:17:35 | 002,028,544 | ---- | M] (Microsoft Corporation) MD5=0FB1E39EE209B26B70A8C1E1A56D38DF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
[2006/11/02 04:39:12 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=47754A68CC02A84DBD8413396368D963 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16386_none_b6bcb7be9d9bb8ec\win32k.sys
[2008/09/19 21:13:20 | 002,029,568 | ---- | M] (Microsoft Corporation) MD5=541DF3F03A378BDD96A917A4CB8C71A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\win32k.sys
[2008/04/09 05:17:34 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=5B1E0409A9A6C415543732F21B2B7CC6 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
[2008/01/19 01:37:02 | 002,031,616 | ---- | M] (Microsoft Corporation) MD5=664FCB81B53ECC5A1ACB325D50EB11C0 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18000_none_b8f379ba9a86c9c0\win32k.sys
[2008/04/09 05:17:35 | 002,027,008 | ---- | M] (Microsoft Corporation) MD5=6FF39E07708091C05FC748DB2DE833EA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
[2007/12/02 06:54:30 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=832313608F8B128EC715047CF27732CF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16438_none_b6f4c9d49d715d0c\win32k.sys
[2008/09/19 21:21:50 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=8BE357305D4BBEC35DBBE7D5536EE8C9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\win32k.sys
[2008/04/09 05:17:34 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=8F2DA4DDC21250ABA9206352A1080299 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
[2008/09/17 22:16:28 | 002,032,640 | ---- | M] (Microsoft Corporation) MD5=9304DD0014438C06261994960E24418A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\win32k.sys
[2008/09/17 22:03:07 | 002,027,520 | ---- | M] (Microsoft Corporation) MD5=A90760D6F915CBB28E7F240668881BDE -- C:\Windows\System32\win32k.sys
[2008/09/17 22:03:07 | 002,027,520 | ---- | M] (Microsoft Corporation) MD5=A90760D6F915CBB28E7F240668881BDE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\win32k.sys
[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2006/11/02 08:35:57 | 000,244,224 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\audiodev.dll
[2006/11/02 05:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\browseui.dll
[2006/11/02 08:34:32 | 000,048,640 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\davclnt.dll
[2006/11/02 05:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drprov.dll
[2006/11/02 05:46:04 | 000,139,264 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\fontext.dll
[2008/10/01 23:49:02 | 006,066,176 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ieframe.dll
[2008/10/01 23:49:02 | 000,267,776 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\iertutil.dll
[2006/11/02 05:46:12 | 000,061,440 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ntlanman.dll
[2006/11/02 05:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\psapi.dll
[2006/11/02 05:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\shdocvw.dll
[2008/04/24 00:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\shell32.dll
[2006/11/02 08:35:58 | 002,536,960 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\wpdshext.dll
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
[color=#A23BEC]< CREATERESTOREPOINT >[/color]
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/02/17 13:36:38 | 001,610,211 | ---- | M] ()(C:\Users\Benjamin\Desktop\???????.pptx) -- C:\Users\Benjamin\Desktop\???????.pptx
[2011/02/17 13:35:27 | 001,610,211 | ---- | C] ()(C:\Users\Benjamin\Desktop\???????.pptx) -- C:\Users\Benjamin\Desktop\???????.pptx
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 1402 bytes -> C:\ProgramData\Microsoft:sVIo12M41HnssX0QtXOFHx
@Alternate Data Stream - 1401 bytes -> C:\Program Files\Common Files\microsoft shared:8KIi0EsgUDjxunrPglm
@Alternate Data Stream - 1374 bytes -> C:\Users\Benjamin\AppData\Local\vvhSTzEX0TnH4:qPKFxbtpJ42smeKuDnpl1l0
@Alternate Data Stream - 1322 bytes -> C:\Program Files\Common Files\microsoft shared:ZSUUbeDNkbe2XcqaygTVdev
@Alternate Data Stream - 1285 bytes -> C:\ProgramData\Microsoft:WWhS49iLXC2LZ1jUX3J
@Alternate Data Stream - 1245 bytes -> C:\Users\Benjamin\AppData\Local\Application Data:kG77pmnsvlwYnr80DP0N
@Alternate Data Stream - 1245 bytes -> C:\Users\Benjamin\AppData\Local:kG77pmnsvlwYnr80DP0N
< End of report >