Forums Zebulon.fr: Removing Bear Share web search


#11 jeanmimigab

  • Extrem Member
  • Group: Security Team
  • Posts: 765
  • Joined: 21 January 10

Posted 15 July 2011 - 04:28

Hello,

That's not bad. Do you have the Malwarebytes report, or did it find nothing?

See you,
Our friend...

Courage to my friend


#12 Zorba 1

  • Junior Member
  • Group: Members
  • Posts: 16
  • Joined: 03 July 11

Posted 16 July 2011 - 06:19

Hi,
The Malwarebytes report no longer shows any infected files. Bear Share has been removed.
Thanks for the help.
Here is the Malwarebytes report for information.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 7139

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

16/07/2011 08:14:22
mbam-log-2011-07-16 (08-14-22).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 169077
Temps écoulé: 2 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

#13 jeanmimigab

  • Extrem Member
  • Group: Security Team
  • Posts: 765
  • Joined: 21 January 10

Posted 16 July 2011 - 08:26

Hello,

OK, that's cool,

Run an OTL scan as you did the first time so that I can see whether anything suspicious is still lingering on the PC.

See you,
Our friend...

Courage to my friend

#14 Zorba 1

  • Junior Member
  • Group: Members
  • Posts: 16
  • Joined: 03 July 11

Posted 21 July 2011 - 11:38

[quote name='jeanmimigab' timestamp='1310801162' post='1562983']
Hello,

OK, that's cool,

Run an OTL scan as you did the first time so that I can see whether anything suspicious is still lingering on the PC.

See you,
[/quote]

Hello,
Here is the very latest OTL report:
Thanks for looking into this problem.

OTL logfile created on: 21/07/2011 13:12:41 - Run 4
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,99 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,43% Memory free
7,98 Gb Paging File | 6,54 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,94 Gb Total Space | 426,07 Gb Free Space | 73,59% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 518,96 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 16,94 Gb Total Space | 2,74 Gb Free Space | 16,15% Space Free | Partition Type: NTFS
Drive F: | 99,34 Mb Total Space | 92,74 Mb Free Space | 93,36% Space Free | Partition Type: FAT32
Drive G: | 58,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (UDisk Monitor) -- C:\Program Files\MOOV 3G+\bin\MonServiceUDisk.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) Pilote de carte Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (zteusbser) -- C:\Windows\SysNative\drivers\zteusbser.sys (ZTE Corporation)
DRV:64bit: - (umpusbvista) -- C:\Windows\SysNative\drivers\umpusbvista.sys (Texas Instruments Inc)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/05/11 04:06:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/19 20:53:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/19 20:53:54 | 000,000,000 | ---D | M]

[2011/04/16 08:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2010/09/15 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/07/19 11:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\gevs52mp.default\extensions
[2011/02/18 14:31:25 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\gevs52mp.default\extensions\tineye@ideeinc.com
[2011/07/19 20:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/24 17:03:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/23 10:38:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 15:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 19:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/18 15:04:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/08 10:37:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2010/01/01 11:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 11:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 11:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 11:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 11:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/07/14 17:28:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Tuto4pc] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell - "" = AutoRun
O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell - "" = AutoRun
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun
O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun
O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun
O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun
O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun
O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun
O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell - "" = AutoRun
O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun
O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun
O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun
O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun
O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun
O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun
O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 12:27:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Zulu Kings Reed Dance - a set on Flickr_fichiers
[2011/07/21 08:53:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Template
[2011/07/20 13:46:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Google
[2011/07/20 12:30:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\i-Naked.info _ Supporting the right to bare arms and everything else!_fichiers
[2011/07/20 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\148005-wawawawa-swazi-queen-who-cheated-king-mswati-supu-6_fichiers
[2011/07/20 11:18:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\t2-comment-bien-utiliser-google_fichiers
[2011/07/19 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Open Office
[2011/07/18 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Index of _images_Photo Visiteur 2_fichiers
[2011/07/18 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\search_fichiers
[2011/07/18 12:19:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\faience_fichiers
[2011/07/18 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\poser-du-carrelage-mural-pour-la-1ere-fois-a3094_fichiers
[2011/07/17 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\affich-2803862-telecharger-sur-des-sites-comme-index-of_fichiers
[2011/07/17 12:59:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks ido_fichiers
[2011/07/17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Advisories and Vulnerabilities - Google Hacking Database_fichiers
[2011/07/17 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks_fichiers
[2011/07/17 12:29:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\viewer gh_fichiers
[2011/07/16 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\installer-un-evier-a-encastrer_fichiers
[2011/07/16 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Copernic
[2011/07/16 07:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Copernic
[2011/07/16 07:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Copernic Agent
[2011/07/16 07:22:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mp3tag
[2011/07/16 06:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2011/07/15 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\La lettre
[2011/07/15 14:33:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Louvers
[2011/07/15 12:02:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Sali01 _ Flickr - Photo Sharing!_fichiers
[2011/07/15 11:55:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\inTombi 1 _ Flickr - Photo Sharing!_fichiers
[2011/07/15 11:29:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Visitors at the Reed Dance _ Flickr - Photo Sharing!_fichiers
[2011/07/15 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Flickr Zululand Eco-Adventures' Photostream_fichiers
[2011/07/15 11:23:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\umhlanga_fichiers
[2011/07/15 10:53:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Le google hacking _ Lolokai_fichiers
[2011/07/15 10:46:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Comment trouver des Mp3 avec Google - Spi0n.com_fichiers
[2011/07/15 10:14:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\telecharger-micro-hebdo-n-661_fichiers
[2011/07/14 17:44:17 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/14 17:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/14 17:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/14 17:05:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\viewer_fichiers
[2011/07/13 09:25:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\DIV
[2011/07/13 06:47:59 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 06:47:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 06:47:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 06:47:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 06:47:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 06:47:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 06:47:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 06:47:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 06:47:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 06:47:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 06:47:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 06:47:46 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 06:47:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 06:47:45 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 06:47:45 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 06:47:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 06:47:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 06:47:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 06:47:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 06:47:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 06:47:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 06:47:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 06:47:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/12 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Microsoft IntelliPoint
[2011/07/11 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\imgres vi_fichiers
[2011/07/11 08:20:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\danca-dos-maswazi_fichiers
[2011/07/11 08:19:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\swaziland umhlanga festival girl power to the max! « Travel. – Not All Men Are Monsters – Sex. Travel. Food. Life. – Brian Johnston_fichiers
[2011/07/10 09:36:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Amy Nude _ Flickr  partage de photos !_fichiers
[2011/07/10 09:26:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\photostream 2_fichiers
[2011/07/10 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\photostream_fichiers
[2011/07/10 09:18:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\African Girl _ Flickr  partage de photos !_fichiers
[2011/07/10 08:23:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\346729_fichiers
[2011/07/09 07:05:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\BOOKS 1
[2011/07/08 12:53:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747_fichiers
[2011/07/05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982_fichiers
[2011/07/04 10:02:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Camping, Eclairage,Orientation,Optique
[2011/07/04 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Doc Fixations ,Visserie,Mecanique,
[2011/07/04 09:54:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Transports,
[2011/07/04 09:51:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Docs Madagascar
[2011/07/03 18:49:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité_fichiers
[2011/06/30 16:32:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436_fichiers
[2011/06/29 16:54:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 16:54:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 16:54:01 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 16:54:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 16:54:01 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 16:54:01 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 16:54:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 16:54:00 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 16:54:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 16:54:00 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 16:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 16:54:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 16:54:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 16:54:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 16:54:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 16:53:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 13:14:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\trajet_fichiers
[2011/06/27 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable_fichiers
[2011/06/27 12:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/06/25 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Dossier
[2011/06/23 18:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/21 13:13:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/07/21 12:44:29 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 12:44:29 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 12:41:29 | 002,207,758 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/21 12:41:29 | 001,620,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/21 12:41:29 | 000,416,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/21 12:41:29 | 000,377,956 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/07/21 12:41:29 | 000,050,046 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/07/21 12:37:13 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/21 12:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 12:36:58 | 3214,045,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/21 12:29:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 12:27:12 | 000,097,214 | ---- | M] () -- C:\Users\Paul\Desktop\Zulu Kings Reed Dance - a set on Flickr.htm
[2011/07/21 08:51:55 | 000,000,000 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2011/07/20 20:25:16 | 002,660,120 | ---- | M] () -- C:\Users\Paul\Desktop\N0028932_PDF_1_-1DM.pdf
[2011/07/20 20:10:14 | 000,055,919 | ---- | M] () -- C:\Users\Paul\Desktop\ldlb.pdf
[2011/07/20 12:30:43 | 000,044,535 | ---- | M] () -- C:\Users\Paul\Desktop\i-Naked.info _ Supporting the right to bare arms and everything else!.htm
[2011/07/20 12:23:43 | 000,161,658 | ---- | M] () -- C:\Users\Paul\Desktop\148005-wawawawa-swazi-queen-who-cheated-king-mswati-supu-6.html
[2011/07/20 11:49:23 | 000,209,717 | ---- | M] () -- C:\Users\Paul\Desktop\Topless tradition for tourists.pdf
[2011/07/20 11:18:18 | 000,035,441 | ---- | M] () -- C:\Users\Paul\Desktop\t2-comment-bien-utiliser-google.htm
[2011/07/19 20:54:24 | 000,002,018 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/19 20:53:57 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/19 08:49:00 | 000,067,858 | ---- | M] () -- C:\Users\Paul\Desktop\Capture.PNG
[2011/07/18 17:20:24 | 000,884,937 | ---- | M] () -- C:\Users\Paul\Desktop\Positions.pdf
[2011/07/18 13:36:17 | 000,083,631 | ---- | M] () -- C:\Users\Paul\Desktop\Index of _images_Photo Visiteur 2.htm
[2011/07/18 13:29:04 | 000,166,610 | ---- | M] () -- C:\Users\Paul\Desktop\search.htm
[2011/07/18 12:19:44 | 000,017,452 | ---- | M] () -- C:\Users\Paul\Desktop\faience.htm
[2011/07/18 12:13:38 | 000,114,711 | ---- | M] () -- C:\Users\Paul\Desktop\poser-du-carrelage-mural-pour-la-1ere-fois-a3094.htm
[2011/07/17 18:07:00 | 000,096,756 | ---- | M] () -- C:\Users\Paul\Desktop\affich-2803862-telecharger-sur-des-sites-comme-index-of.htm
[2011/07/17 16:11:30 | 000,024,024 | ---- | M] () -- C:\Users\Paul\Desktop\Index of _wp-content_uploads_2009_10.htm
[2011/07/17 13:03:26 | 000,467,347 | ---- | M] () -- C:\Users\Paul\Desktop\EUROSEC2005-Google_hacking.pdf
[2011/07/17 12:59:53 | 000,032,474 | ---- | M] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks ido.htm
[2011/07/17 12:43:03 | 000,024,892 | ---- | M] () -- C:\Users\Paul\Desktop\Advisories and Vulnerabilities - Google Hacking Database.htm
[2011/07/17 12:42:53 | 000,024,297 | ---- | M] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks.htm
[2011/07/17 12:29:46 | 000,073,175 | ---- | M] () -- C:\Users\Paul\Desktop\viewer gh.htm
[2011/07/16 08:55:16 | 000,367,312 | ---- | M] () -- C:\Users\Paul\Desktop\jr_0027.pdf
[2011/07/16 08:49:42 | 000,063,993 | ---- | M] () -- C:\Users\Paul\Desktop\installer-un-evier-a-encastrer.html
[2011/07/16 06:46:30 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/07/15 12:02:09 | 000,123,861 | ---- | M] () -- C:\Users\Paul\Desktop\Sali01 _ Flickr - Photo Sharing!.htm
[2011/07/15 11:55:29 | 000,128,348 | ---- | M] () -- C:\Users\Paul\Desktop\inTombi 1 _ Flickr - Photo Sharing!.htm
[2011/07/15 11:30:00 | 000,157,802 | ---- | M] () -- C:\Users\Paul\Desktop\Visitors at the Reed Dance _ Flickr - Photo Sharing!.htm
[2011/07/15 11:29:32 | 000,109,860 | ---- | M] () -- C:\Users\Paul\Desktop\Flickr Zululand Eco-Adventures' Photostream.htm
[2011/07/15 11:23:21 | 000,087,255 | ---- | M] () -- C:\Users\Paul\Desktop\umhlanga.htm
[2011/07/15 10:53:04 | 000,041,217 | ---- | M] () -- C:\Users\Paul\Desktop\Le google hacking _ Lolokai.htm
[2011/07/15 10:48:41 | 000,145,857 | ---- | M] () -- C:\Users\Paul\Desktop\Comment trouver des Mp3 avec Google - Spi0n.com.htm
[2011/07/15 10:14:46 | 000,038,444 | ---- | M] () -- C:\Users\Paul\Desktop\telecharger-micro-hebdo-n-661.html
[2011/07/15 09:03:56 | 000,036,143 | ---- | M] () -- C:\Users\Paul\Documents\HENRIETTE.jpg
[2011/07/15 06:41:40 | 000,400,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/14 17:53:24 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 17:28:18 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/14 06:32:36 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job
[2011/07/13 21:11:28 | 000,070,171 | ---- | M] () -- C:\Users\Paul\Desktop\viewer.htm
[2011/07/13 20:46:16 | 000,009,608 | ---- | M] () -- C:\Users\Paul\Documents\Sans nom 2.odt
[2011/07/12 19:09:13 | 000,009,097 | ---- | M] () -- C:\Users\Paul\Documents\Sans nom 1.odt
[2011/07/11 08:23:09 | 000,010,067 | ---- | M] () -- C:\Users\Paul\Desktop\imgres vi.htm
[2011/07/11 08:20:07 | 000,068,368 | ---- | M] () -- C:\Users\Paul\Desktop\danca-dos-maswazi.html
[2011/07/11 08:19:04 | 000,082,464 | ---- | M] () -- C:\Users\Paul\Desktop\swaziland umhlanga festival girl power to the max! « Travel. – Not All Men Are Monsters – Sex. Travel. Food. Life. – Brian Johnston.htm
[2011/07/10 09:36:18 | 000,137,728 | ---- | M] () -- C:\Users\Paul\Desktop\Amy Nude _ Flickr  partage de photos !.htm
[2011/07/10 09:26:01 | 000,254,676 | ---- | M] () -- C:\Users\Paul\Desktop\photostream 2.htm
[2011/07/10 09:19:57 | 000,177,526 | ---- | M] () -- C:\Users\Paul\Desktop\photostream.htm
[2011/07/10 09:18:51 | 000,213,239 | ---- | M] () -- C:\Users\Paul\Desktop\African Girl _ Flickr  partage de photos !.htm
[2011/07/10 08:23:27 | 000,066,414 | ---- | M] () -- C:\Users\Paul\Desktop\346729.html
[2011/07/10 08:14:45 | 000,201,309 | ---- | M] () -- C:\Users\Paul\Desktop\http _www.flickr.com_photos_photosperso_5767743610_in_photostream_.htm
[2011/07/08 16:40:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/08 12:53:20 | 000,133,638 | ---- | M] () -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747.htm
[2011/07/05 12:29:13 | 000,141,423 | ---- | M] () -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982.html
[2011/07/04 18:48:35 | 000,001,046 | ---- | M] () -- C:\Users\Paul\Desktop\OTL - Raccourci.lnk
[2011/07/04 14:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 14:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 14:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 14:37:39 | 000,129,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2011/07/04 14:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 14:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 14:36:24 | 000,257,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2011/07/04 14:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 14:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 14:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 14:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/03 18:49:53 | 000,085,796 | ---- | M] () -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité.htm
[2011/06/30 16:32:09 | 000,035,711 | ---- | M] () -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436.html
[2011/06/29 13:14:43 | 000,013,966 | ---- | M] () -- C:\Users\Paul\Desktop\trajet.htm
[2011/06/27 13:18:26 | 000,055,583 | ---- | M] () -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable.htm
[2011/06/23 19:07:33 | 000,273,044 | ---- | M] () -- C:\Users\Paul\Documents\numerisation_raboteuse.pdf
[2011/06/23 18:58:59 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/23 18:51:22 | 000,262,253 | ---- | M] () -- C:\Users\Paul\Documents\Jeannot29_Presse_A_Panneaux.pdf
[2011/06/23 18:12:44 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/21 12:27:10 | 000,097,214 | ---- | C] () -- C:\Users\Paul\Desktop\Zulu Kings Reed Dance - a set on Flickr.htm
[2011/07/21 08:51:55 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2011/07/20 20:17:50 | 002,660,120 | ---- | C] () -- C:\Users\Paul\Desktop\N0028932_PDF_1_-1DM.pdf
[2011/07/20 20:10:13 | 000,055,919 | ---- | C] () -- C:\Users\Paul\Desktop\ldlb.pdf
[2011/07/20 12:30:40 | 000,044,535 | ---- | C] () -- C:\Users\Paul\Desktop\i-Naked.info _ Supporting the right to bare arms and everything else!.htm
[2011/07/20 12:23:42 | 000,161,658 | ---- | C] () -- C:\Users\Paul\Desktop\148005-wawawawa-swazi-queen-who-cheated-king-mswati-supu-6.html
[2011/07/20 11:49:05 | 000,209,717 | ---- | C] () -- C:\Users\Paul\Desktop\Topless tradition for tourists.pdf
[2011/07/20 11:18:12 | 000,035,441 | ---- | C] () -- C:\Users\Paul\Desktop\t2-comment-bien-utiliser-google.htm
[2011/07/19 08:48:59 | 000,067,858 | ---- | C] () -- C:\Users\Paul\Desktop\Capture.PNG
[2011/07/18 17:20:24 | 000,884,937 | ---- | C] () -- C:\Users\Paul\Desktop\Positions.pdf
[2011/07/18 13:36:16 | 000,083,631 | ---- | C] () -- C:\Users\Paul\Desktop\Index of _images_Photo Visiteur 2.htm
[2011/07/18 13:29:03 | 000,166,610 | ---- | C] () -- C:\Users\Paul\Desktop\search.htm
[2011/07/18 12:19:43 | 000,017,452 | ---- | C] () -- C:\Users\Paul\Desktop\faience.htm
[2011/07/18 12:13:34 | 000,114,711 | ---- | C] () -- C:\Users\Paul\Desktop\poser-du-carrelage-mural-pour-la-1ere-fois-a3094.htm
[2011/07/17 18:06:59 | 000,096,756 | ---- | C] () -- C:\Users\Paul\Desktop\affich-2803862-telecharger-sur-des-sites-comme-index-of.htm
[2011/07/17 16:11:30 | 000,024,024 | ---- | C] () -- C:\Users\Paul\Desktop\Index of _wp-content_uploads_2009_10.htm
[2011/07/17 13:03:06 | 000,467,347 | ---- | C] () -- C:\Users\Paul\Desktop\EUROSEC2005-Google_hacking.pdf
[2011/07/17 12:59:52 | 000,032,474 | ---- | C] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks ido.htm
[2011/07/17 12:43:02 | 000,024,892 | ---- | C] () -- C:\Users\Paul\Desktop\Advisories and Vulnerabilities - Google Hacking Database.htm
[2011/07/17 12:42:53 | 000,024,297 | ---- | C] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks.htm
[2011/07/17 12:29:46 | 000,073,175 | ---- | C] () -- C:\Users\Paul\Desktop\viewer gh.htm
[2011/07/16 08:55:16 | 000,367,312 | ---- | C] () -- C:\Users\Paul\Desktop\jr_0027.pdf
[2011/07/16 08:49:38 | 000,063,993 | ---- | C] () -- C:\Users\Paul\Desktop\installer-un-evier-a-encastrer.html
[2011/07/16 07:27:40 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copernic Agent Personal.lnk
[2011/07/16 07:27:39 | 000,109,967 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2011/07/16 06:46:30 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/07/15 14:38:21 | 000,036,143 | ---- | C] () -- C:\Users\Paul\Documents\HENRIETTE.jpg
[2011/07/15 12:02:08 | 000,123,861 | ---- | C] () -- C:\Users\Paul\Desktop\Sali01 _ Flickr - Photo Sharing!.htm
[2011/07/15 11:55:28 | 000,128,348 | ---- | C] () -- C:\Users\Paul\Desktop\inTombi 1 _ Flickr - Photo Sharing!.htm
[2011/07/15 11:29:59 | 000,157,802 | ---- | C] () -- C:\Users\Paul\Desktop\Visitors at the Reed Dance _ Flickr - Photo Sharing!.htm
[2011/07/15 11:29:31 | 000,109,860 | ---- | C] () -- C:\Users\Paul\Desktop\Flickr Zululand Eco-Adventures' Photostream.htm
[2011/07/15 11:23:20 | 000,087,255 | ---- | C] () -- C:\Users\Paul\Desktop\umhlanga.htm
[2011/07/15 10:53:03 | 000,041,217 | ---- | C] () -- C:\Users\Paul\Desktop\Le google hacking _ Lolokai.htm
[2011/07/15 10:48:39 | 000,145,857 | ---- | C] () -- C:\Users\Paul\Desktop\Comment trouver des Mp3 avec Google - Spi0n.com.htm
[2011/07/15 10:14:46 | 000,038,444 | ---- | C] () -- C:\Users\Paul\Desktop\telecharger-micro-hebdo-n-661.html
[2011/07/14 17:44:17 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 21:11:27 | 000,070,171 | ---- | C] () -- C:\Users\Paul\Desktop\viewer.htm
[2011/07/13 12:58:23 | 000,009,608 | ---- | C] () -- C:\Users\Paul\Documents\Sans nom 2.odt
[2011/07/12 19:09:11 | 000,009,097 | ---- | C] () -- C:\Users\Paul\Documents\Sans nom 1.odt
[2011/07/11 08:23:08 | 000,010,067 | ---- | C] () -- C:\Users\Paul\Desktop\imgres vi.htm
[2011/07/11 08:20:06 | 000,068,368 | ---- | C] () -- C:\Users\Paul\Desktop\danca-dos-maswazi.html
[2011/07/11 08:19:02 | 000,082,464 | ---- | C] () -- C:\Users\Paul\Desktop\swaziland umhlanga festival girl power to the max! « Travel. – Not All Men Are Monsters – Sex. Travel. Food. Life. – Brian Johnston.htm
[2011/07/10 09:36:17 | 000,137,728 | ---- | C] () -- C:\Users\Paul\Desktop\Amy Nude _ Flickr  partage de photos !.htm
[2011/07/10 09:26:00 | 000,254,676 | ---- | C] () -- C:\Users\Paul\Desktop\photostream 2.htm
[2011/07/10 09:19:56 | 000,177,526 | ---- | C] () -- C:\Users\Paul\Desktop\photostream.htm
[2011/07/10 09:18:50 | 000,213,239 | ---- | C] () -- C:\Users\Paul\Desktop\African Girl _ Flickr  partage de photos !.htm
[2011/07/10 08:23:26 | 000,066,414 | ---- | C] () -- C:\Users\Paul\Desktop\346729.html
[2011/07/10 08:14:40 | 000,201,309 | ---- | C] () -- C:\Users\Paul\Desktop\http _www.flickr.com_photos_photosperso_5767743610_in_photostream_.htm
[2011/07/10 06:50:25 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/07/09 19:32:34 | 736,720,498 | ---- | C] () -- C:\Users\Paul\Desktop\Cash.FRENCH.R5.XviD-GHOST.avi
[2011/07/09 19:31:36 | 733,310,976 | ---- | C] () -- C:\Users\Paul\Desktop\City.Hall.French.DVDRiP.avi
[2011/07/08 12:53:18 | 000,133,638 | ---- | C] () -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747.htm
[2011/07/06 21:07:23 | 892,070,332 | ---- | C] () -- C:\Users\Paul\Desktop\Le secret du chevalier d'Eon.avi
[2011/07/06 21:02:37 | 730,216,448 | ---- | C] () -- C:\Users\Paul\Desktop\Secret.Defense.FRENCH.DVDRip.XviD-ZANBiC.avi
[2011/07/06 21:01:23 | 733,782,016 | ---- | C] () -- C:\Users\Paul\Desktop\Wisegal.STV.2008.FRENCH.DVDRiP.XViD-S60.By.Emulix.[emule-island.com].avi
[2011/07/06 21:00:01 | 733,988,864 | ---- | C] () -- C:\Users\Paul\Desktop\F - The Lost Angel (Action Policier 2004).avi
[2011/07/06 20:57:21 | 655,284,560 | ---- | C] () -- C:\Users\Paul\Desktop\Himalaya, le chemin du ciel.avi
[2011/07/05 12:29:11 | 000,141,423 | ---- | C] () -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982.html
[2011/07/05 12:11:20 | 734,076,928 | ---- | C] () -- C:\Users\Paul\Desktop\Australia.FRENCH.DVDRiP.XViD.avi
[2011/07/04 18:48:35 | 000,001,046 | ---- | C] () -- C:\Users\Paul\Desktop\OTL - Raccourci.lnk
[2011/07/03 18:49:52 | 000,085,796 | ---- | C] () -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité.htm
[2011/06/30 16:32:09 | 000,035,711 | ---- | C] () -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436.html
[2011/06/29 13:28:13 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job
[2011/06/29 13:14:29 | 000,013,966 | ---- | C] () -- C:\Users\Paul\Desktop\trajet.htm
[2011/06/27 13:18:25 | 000,055,583 | ---- | C] () -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable.htm
[2011/06/26 21:11:57 | 720,216,064 | ---- | C] () -- C:\Users\Paul\Desktop\L'Arnaque.avi
[2011/06/26 08:03:11 | 001,016,940 | ---- | C] () -- C:\Users\Paul\Documents\Commande no 24351607.pdf
[2011/06/25 17:24:39 | 000,273,044 | ---- | C] () -- C:\Users\Paul\Documents\numerisation_raboteuse.pdf
[2011/06/25 17:24:39 | 000,262,253 | ---- | C] () -- C:\Users\Paul\Documents\Jeannot29_Presse_A_Panneaux.pdf
[2011/06/25 14:42:48 | 000,013,049 | ---- | C] () -- C:\Users\Paul\Documents\Attestation valeur 3.odt
[2011/06/23 18:58:59 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/08 15:01:02 | 000,003,584 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/02 07:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{19A7151B-5487-4BA2-A9DE-3AFE66360AF2}
[2011/05/15 17:25:26 | 000,088,064 | ---- | C] () -- C:\Windows\AMUninst01c.exe
[2011/05/14 21:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{15096A74-3610-455C-A297-2FCA3671C506}
[2011/05/09 19:18:31 | 000,000,017 | ---- | C] () -- C:\Users\Paul\AppData\Local\resmon.resmoncfg
[2011/04/12 08:58:19 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/23 01:10:24 | 000,001,854 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\GhostObjGAFix.xml
[2011/01/17 07:47:58 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/07 08:44:08 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2010/11/07 08:44:08 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2010/09/24 08:06:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/11 03:56:43 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/05/11 03:56:43 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/05/11 03:56:43 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/05/11 03:56:43 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/05/11 03:56:43 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/05/11 03:56:43 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/05/11 03:22:24 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/11 03:22:24 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/01/09 02:31:36 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/04/01 12:58:02 | 000,005,260 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/03/30 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.caffeinatedmind.Sendoid
[2011/07/16 07:27:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Copernic
[2010/09/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DigitalPersona
[2010/09/15 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\eMule
[2011/05/13 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0
[2011/07/19 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mp3tag
[2010/09/24 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2010/10/18 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OutWit
[2011/05/19 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Scribus
[2011/06/06 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stellarium
[2011/07/21 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2011/06/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WildTangent
[2011/02/08 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ZTEEVDO
[2010/09/28 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs
[2011/07/20 17:41:25 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %temp%\smtmp\1\*.* /s >

< %temp%\smtmp\2\*.* /s >

< %temp%\smtmp\4\*.* /s >

< nslookup www.google.fr /c >
Serveur : UnKnown
Address: 127.0.0.1

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/03/30 13:04:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Adobe
[2010/09/19 19:01:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2011/03/30 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.caffeinatedmind.Sendoid
[2011/07/16 07:27:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Copernic
[2011/04/12 08:58:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Corel
[2010/09/15 22:23:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CyberLink
[2010/09/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DigitalPersona
[2010/09/15 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\eMule
[2011/05/13 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0
[2011/02/01 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Hewlett-Packard
[2011/01/19 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HP Support Assistant
[2010/09/15 18:28:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\hpqLog
[2011/01/19 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HpUpdate
[2010/09/15 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Identities
[2010/09/15 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macromedia
[2010/09/15 18:24:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macrovision
[2011/05/18 14:57:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2010/05/11 12:13:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Center Programs
[2011/07/21 08:51:55 | 000,000,000 | --SD | M] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2010/09/15 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2011/07/19 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mp3tag
[2011/02/07 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nero
[2010/09/24 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2010/10/18 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OutWit
[2011/05/19 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Scribus
[2011/06/06 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stellarium
[2011/07/21 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2011/06/21 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\vlc
[2011/06/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WildTangent
[2011/02/08 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ZTEEVDO
[2010/09/28 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/01/09 09:07:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< >

< End of report >
0

#15 User is offline   jeanmimigab 

  • Extrem Member
  • Group: Security Team
  • Posts: 765
  • Joined: 21 January 10

Posted 21 July 2011 - 10:19

hello,

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" section (top right) the "Rapport minimal" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation"


Quote

:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [Tuto4pc] File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell - "" = AutoRun
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell - "" = AutoRun
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun
O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun
O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun
O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun
O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun
O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun
O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell - "" = AutoRun
O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun
O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun
O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun
O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun
O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun
O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun
O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe

:Commands
[clearrestorepoints]
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]





* Click the "Correction" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report will open
* Copy and paste the report into your reply, please...

@++
Our friend...

私の友人に勇気
0
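
The fix script in the post above lists three kinds of leftovers: Run values and AppInit_DLLs entries whose file is reported missing, and MountPoints2 AutoRun entries. As an added example (not part of the original post and not OTL's own code), this Python parser reads such a script so each class can be reviewed before the fix is run; the names `Entry`, `parse_fix`, `orphaned` and `autorun_targets` are hypothetical, and the sample is a subset of the lines quoted above.

```python
import re
from dataclasses import dataclass

# Subset of the fix script quoted in the post above, embedded so this runs offline.
SAMPLE = r'''
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [Tuto4pc] File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell - "" = AutoRun
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell - "" = AutoRun
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe

:Commands
[emptytemp]
[RESETHOSTS]
'''

# Line shapes as they appear in the post; other OTL line types fall through to "other".
ENTRY = re.compile(r'^(O\d+) - (.*)$')
APPINIT = re.compile(r'^AppInit_DLLs: \((?P<path>.+?)\) - (?P<status>.+)$')
RUN = re.compile(r'^(?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\]\s*(?P<status>.*)$')
MOUNT = re.compile(
    r'^MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>\S+) - "(?P<value>[^"]*)" = (?P<data>.*)$'
)


@dataclass
class Entry:
    code: str         # OTL line prefix, e.g. "O20"
    kind: str         # "run", "appinit", "mountpoint" or "other"
    target: str       # Run value name, DLL path, or MountPoints2 volume key
    detail: str       # status text ("File not found") or registry data
    subkey: str = ''  # for mountpoint entries: subkey below the volume key


def parse_fix(text):
    """Return (entries, commands) parsed from an OTL fix script."""
    entries, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):            # section marker such as :OTL or :Commands
            section = line[1:].lower()
            continue
        if section == 'commands':
            if line.startswith('[') and line.endswith(']'):
                commands.append(line[1:-1])
            continue
        m = ENTRY.match(line)
        if section != 'otl' or not m:
            continue
        code, body = m.groups()
        a, r, p = APPINIT.match(body), RUN.match(body), MOUNT.match(body)
        if a:
            entries.append(Entry(code, 'appinit', a['path'], a['status']))
        elif r:
            entries.append(Entry(code, 'run', r['name'], r['status']))
        elif p:
            entries.append(Entry(code, 'mountpoint', p['volume'], p['data'], p['subkey']))
        else:
            entries.append(Entry(code, 'other', '', body))
    return entries, commands


def orphaned(entries):
    """Startup references (Run, AppInit_DLLs) whose file is reported missing."""
    return [e for e in entries
            if e.kind in ('run', 'appinit') and e.detail == 'File not found']


def autorun_targets(entries):
    """Map each MountPoints2 volume key to its AutoRun command, or None if absent."""
    targets = {}
    for e in entries:
        if e.kind != 'mountpoint':
            continue
        targets.setdefault(e.target, None)
        if e.subkey.lower().endswith('\\command'):
            targets[e.target] = e.detail
    return targets


if __name__ == '__main__':
    parsed, cmds = parse_fix(SAMPLE)
    for e in orphaned(parsed):
        print('missing file:', e.code, repr(e.target))
    for volume, command in autorun_targets(parsed).items():
        print('autorun:', volume, '->', command)
    print('commands:', cmds)
```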
