
Posted

Hi,

The Malwarebytes report no longer shows any infected files. BearShare has been removed.

Thanks for the help.

Here is the Malwarebytes report, for information.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Version de la base de données: 7139

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

 

16/07/2011 08:14:22

mbam-log-2011-07-16 (08-14-22).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 169077

Temps écoulé: 2 minute(s), 32 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Posted

Hello,

OK, that's cool,

Run an OTL scan as you did the first time, so that I can see whether anything suspicious is still lying around on the PC.

See you later


Hello,

Here is the latest OTL report:

Thanks for looking into this problem.


OTL logfile created on: 21/07/2011 13:12:41 - Run 4

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,99 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,43% Memory free

7,98 Gb Paging File | 6,54 Gb Available in Paging File | 81,98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 578,94 Gb Total Space | 426,07 Gb Free Space | 73,59% Space Free | Partition Type: NTFS

Drive D: | 596,17 Gb Total Space | 518,96 Gb Free Space | 87,05% Space Free | Partition Type: NTFS

Drive E: | 16,94 Gb Total Space | 2,74 Gb Free Space | 16,15% Space Free | Partition Type: NTFS

Drive F: | 99,34 Mb Total Space | 92,74 Mb Free Space | 93,36% Space Free | Partition Type: FAT32

Drive G: | 58,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)

PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (UDisk Monitor) -- C:\Program Files\MOOV 3G+\bin\MonServiceUDisk.exe ()

SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)

SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (NETw5s64) Pilote de carte Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (zteusbser) -- C:\Windows\SysNative\drivers\zteusbser.sys (ZTE Corporation)

DRV:64bit: - (umpusbvista) -- C:\Windows\SysNative\drivers\umpusbvista.sys (Texas Instruments Inc)

DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.useDBForOrder: ""

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/05/11 04:06:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF

FF - HKLM\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/19 20:53:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/19 20:53:54 | 000,000,000 | ---D | M]

 

[2011/04/16 08:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions

[2010/09/15 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2011/07/19 11:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\gevs52mp.default\extensions

[2011/02/18 14:31:25 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\gevs52mp.default\extensions\tineye@ideeinc.com

[2011/07/19 20:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/09/24 17:03:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/23 10:38:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/16 15:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/09 19:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/05/18 15:04:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2011/07/08 10:37:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll

[2010/01/01 11:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml

[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 11:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 11:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml

[2010/01/01 11:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 11:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/07/14 17:28:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Tuto4pc] File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun

O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun

O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell - "" = AutoRun

O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell - "" = AutoRun

O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell\AutoRun\command - "" = I:\Setup.exe

O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun

O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun

O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun

O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun

O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun

O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun

O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun

O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun

O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell - "" = AutoRun

O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell - "" = AutoRun

O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun

O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun

O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun

O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun

O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun

O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun

O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)

MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)

MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/21 12:27:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Zulu Kings Reed Dance - a set on Flickr_fichiers

[2011/07/21 08:53:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Template

[2011/07/20 13:46:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Google

[2011/07/20 12:30:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\i-Naked.info _ Supporting the right to bare arms and everything else!_fichiers

[2011/07/20 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\148005-wawawawa-swazi-queen-who-cheated-king-mswati-supu-6_fichiers

[2011/07/20 11:18:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\t2-comment-bien-utiliser-google_fichiers

[2011/07/19 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Open Office

[2011/07/18 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Index of _images_Photo Visiteur 2_fichiers

[2011/07/18 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\search_fichiers

[2011/07/18 12:19:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\faience_fichiers

[2011/07/18 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\poser-du-carrelage-mural-pour-la-1ere-fois-a3094_fichiers

[2011/07/17 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\affich-2803862-telecharger-sur-des-sites-comme-index-of_fichiers

[2011/07/17 12:59:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks ido_fichiers

[2011/07/17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Advisories and Vulnerabilities - Google Hacking Database_fichiers

[2011/07/17 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks_fichiers

[2011/07/17 12:29:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\viewer gh_fichiers

[2011/07/16 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\installer-un-evier-a-encastrer_fichiers

[2011/07/16 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Copernic

[2011/07/16 07:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Copernic

[2011/07/16 07:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Copernic Agent

[2011/07/16 07:22:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mp3tag

[2011/07/16 06:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag

[2011/07/15 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\La lettre

[2011/07/15 14:33:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Louvers

[2011/07/15 12:02:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Sali01 _ Flickr - Photo Sharing!_fichiers

[2011/07/15 11:55:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\inTombi 1 _ Flickr - Photo Sharing!_fichiers

[2011/07/15 11:29:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Visitors at the Reed Dance _ Flickr - Photo Sharing!_fichiers

[2011/07/15 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Flickr Zululand Eco-Adventures' Photostream_fichiers

[2011/07/15 11:23:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\umhlanga_fichiers

[2011/07/15 10:53:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Le google hacking _ Lolokai_fichiers

[2011/07/15 10:46:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Comment trouver des Mp3 avec Google - Spi0n.com_fichiers

[2011/07/15 10:14:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\telecharger-micro-hebdo-n-661_fichiers

[2011/07/14 17:44:17 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/14 17:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/14 17:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/07/14 17:05:06 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/13 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\viewer_fichiers

[2011/07/13 09:25:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\DIV

[2011/07/13 06:47:59 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2011/07/13 06:47:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2011/07/13 06:47:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2011/07/13 06:47:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2011/07/13 06:47:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2011/07/13 06:47:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2011/07/13 06:47:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2011/07/13 06:47:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/07/13 06:47:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2011/07/13 06:47:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2011/07/13 06:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2011/07/13 06:47:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2011/07/13 06:47:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2011/07/13 06:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2011/07/13 06:47:46 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2011/07/13 06:47:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2011/07/13 06:47:45 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2011/07/13 06:47:45 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2011/07/13 06:47:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2011/07/13 06:47:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2011/07/13 06:47:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2011/07/13 06:47:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2011/07/13 06:47:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2011/07/13 06:47:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2011/07/13 06:47:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2011/07/13 06:47:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2011/07/12 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Microsoft IntelliPoint

[2011/07/11 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\imgres vi_fichiers

[2011/07/11 08:20:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\danca-dos-maswazi_fichiers

[2011/07/11 08:19:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\swaziland umhlanga festival girl power to the max! « Travel. – Not All Men Are Monsters – Sex. Travel. Food. Life. – Brian Johnston_fichiers

[2011/07/10 09:36:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Amy Nude _ Flickr  partage de photos !_fichiers

[2011/07/10 09:26:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\photostream 2_fichiers

[2011/07/10 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\photostream_fichiers

[2011/07/10 09:18:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\African Girl _ Flickr  partage de photos !_fichiers

[2011/07/10 08:23:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\346729_fichiers

[2011/07/09 07:05:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\BOOKS 1

[2011/07/08 12:53:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747_fichiers

[2011/07/05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982_fichiers

[2011/07/04 10:02:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Camping, Eclairage,Orientation,Optique

[2011/07/04 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Doc Fixations ,Visserie,Mecanique,

[2011/07/04 09:54:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Transports,

[2011/07/04 09:51:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Docs Madagascar

[2011/07/03 18:49:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité_fichiers

[2011/06/30 16:32:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436_fichiers

[2011/06/29 16:54:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2011/06/29 16:54:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2011/06/29 16:54:01 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2011/06/29 16:54:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2011/06/29 16:54:01 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2011/06/29 16:54:01 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2011/06/29 16:54:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2011/06/29 16:54:00 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2011/06/29 16:54:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2011/06/29 16:54:00 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2011/06/29 16:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2011/06/29 16:54:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2011/06/29 16:54:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll

[2011/06/29 16:54:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2011/06/29 16:54:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2011/06/29 16:53:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2011/06/29 13:14:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\trajet_fichiers

[2011/06/27 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable_fichiers

[2011/06/27 12:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2011/06/25 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Dossier

[2011/06/23 18:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}

[2 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/07/21 13:13:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/07/21 12:44:29 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/21 12:44:29 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/21 12:41:29 | 002,207,758 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/21 12:41:29 | 001,620,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/21 12:41:29 | 000,416,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/21 12:41:29 | 000,377,956 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2011/07/21 12:41:29 | 000,050,046 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2011/07/21 12:37:13 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/21 12:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/21 12:36:58 | 3214,045,184 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/21 12:29:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/21 12:27:12 | 000,097,214 | ---- | M] () -- C:\Users\Paul\Desktop\Zulu Kings Reed Dance - a set on Flickr.htm

[2011/07/21 08:51:55 | 000,000,000 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat

[2011/07/20 20:25:16 | 002,660,120 | ---- | M] () -- C:\Users\Paul\Desktop\N0028932_PDF_1_-1DM.pdf

[2011/07/20 20:10:14 | 000,055,919 | ---- | M] () -- C:\Users\Paul\Desktop\ldlb.pdf

[2011/07/20 12:30:43 | 000,044,535 | ---- | M] () -- C:\Users\Paul\Desktop\i-Naked.info _ Supporting the right to bare arms and everything else!.htm

[2011/07/20 12:23:43 | 000,161,658 | ---- | M] () -- C:\Users\Paul\Desktop\148005-wawawawa-swazi-queen-who-cheated-king-mswati-supu-6.html

[2011/07/20 11:49:23 | 000,209,717 | ---- | M] () -- C:\Users\Paul\Desktop\Topless tradition for tourists.pdf

[2011/07/20 11:18:18 | 000,035,441 | ---- | M] () -- C:\Users\Paul\Desktop\t2-comment-bien-utiliser-google.htm

[2011/07/19 20:54:24 | 000,002,018 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/19 20:53:57 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/07/19 08:49:00 | 000,067,858 | ---- | M] () -- C:\Users\Paul\Desktop\Capture.PNG

[2011/07/18 17:20:24 | 000,884,937 | ---- | M] () -- C:\Users\Paul\Desktop\Positions.pdf

[2011/07/18 13:36:17 | 000,083,631 | ---- | M] () -- C:\Users\Paul\Desktop\Index of _images_Photo Visiteur 2.htm

[2011/07/18 13:29:04 | 000,166,610 | ---- | M] () -- C:\Users\Paul\Desktop\search.htm

[2011/07/18 12:19:44 | 000,017,452 | ---- | M] () -- C:\Users\Paul\Desktop\faience.htm

[2011/07/18 12:13:38 | 000,114,711 | ---- | M] () -- C:\Users\Paul\Desktop\poser-du-carrelage-mural-pour-la-1ere-fois-a3094.htm

[2011/07/17 18:07:00 | 000,096,756 | ---- | M] () -- C:\Users\Paul\Desktop\affich-2803862-telecharger-sur-des-sites-comme-index-of.htm

[2011/07/17 16:11:30 | 000,024,024 | ---- | M] () -- C:\Users\Paul\Desktop\Index of _wp-content_uploads_2009_10.htm

[2011/07/17 13:03:26 | 000,467,347 | ---- | M] () -- C:\Users\Paul\Desktop\EUROSEC2005-Google_hacking.pdf

[2011/07/17 12:59:53 | 000,032,474 | ---- | M] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks ido.htm

[2011/07/17 12:43:03 | 000,024,892 | ---- | M] () -- C:\Users\Paul\Desktop\Advisories and Vulnerabilities - Google Hacking Database.htm

[2011/07/17 12:42:53 | 000,024,297 | ---- | M] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks.htm

[2011/07/17 12:29:46 | 000,073,175 | ---- | M] () -- C:\Users\Paul\Desktop\viewer gh.htm

[2011/07/16 08:55:16 | 000,367,312 | ---- | M] () -- C:\Users\Paul\Desktop\jr_0027.pdf

[2011/07/16 08:49:42 | 000,063,993 | ---- | M] () -- C:\Users\Paul\Desktop\installer-un-evier-a-encastrer.html

[2011/07/16 06:46:30 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk

[2011/07/15 12:02:09 | 000,123,861 | ---- | M] () -- C:\Users\Paul\Desktop\Sali01 _ Flickr - Photo Sharing!.htm

[2011/07/15 11:55:29 | 000,128,348 | ---- | M] () -- C:\Users\Paul\Desktop\inTombi 1 _ Flickr - Photo Sharing!.htm

[2011/07/15 11:30:00 | 000,157,802 | ---- | M] () -- C:\Users\Paul\Desktop\Visitors at the Reed Dance _ Flickr - Photo Sharing!.htm

[2011/07/15 11:29:32 | 000,109,860 | ---- | M] () -- C:\Users\Paul\Desktop\Flickr Zululand Eco-Adventures' Photostream.htm

[2011/07/15 11:23:21 | 000,087,255 | ---- | M] () -- C:\Users\Paul\Desktop\umhlanga.htm

[2011/07/15 10:53:04 | 000,041,217 | ---- | M] () -- C:\Users\Paul\Desktop\Le google hacking _ Lolokai.htm

[2011/07/15 10:48:41 | 000,145,857 | ---- | M] () -- C:\Users\Paul\Desktop\Comment trouver des Mp3 avec Google - Spi0n.com.htm

[2011/07/15 10:14:46 | 000,038,444 | ---- | M] () -- C:\Users\Paul\Desktop\telecharger-micro-hebdo-n-661.html

[2011/07/15 09:03:56 | 000,036,143 | ---- | M] () -- C:\Users\Paul\Documents\HENRIETTE.jpg

[2011/07/15 06:41:40 | 000,400,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/14 17:53:24 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/14 17:28:18 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011/07/14 06:32:36 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job

[2011/07/13 21:11:28 | 000,070,171 | ---- | M] () -- C:\Users\Paul\Desktop\viewer.htm

[2011/07/13 20:46:16 | 000,009,608 | ---- | M] () -- C:\Users\Paul\Documents\Sans nom 2.odt

[2011/07/12 19:09:13 | 000,009,097 | ---- | M] () -- C:\Users\Paul\Documents\Sans nom 1.odt

[2011/07/11 08:23:09 | 000,010,067 | ---- | M] () -- C:\Users\Paul\Desktop\imgres vi.htm

[2011/07/11 08:20:07 | 000,068,368 | ---- | M] () -- C:\Users\Paul\Desktop\danca-dos-maswazi.html

[2011/07/11 08:19:04 | 000,082,464 | ---- | M] () -- C:\Users\Paul\Desktop\swaziland umhlanga festival girl power to the max! « Travel. – Not All Men Are Monsters – Sex. Travel. Food. Life. – Brian Johnston.htm

[2011/07/10 09:36:18 | 000,137,728 | ---- | M] () -- C:\Users\Paul\Desktop\Amy Nude _ Flickr  partage de photos !.htm

[2011/07/10 09:26:01 | 000,254,676 | ---- | M] () -- C:\Users\Paul\Desktop\photostream 2.htm

[2011/07/10 09:19:57 | 000,177,526 | ---- | M] () -- C:\Users\Paul\Desktop\photostream.htm

[2011/07/10 09:18:51 | 000,213,239 | ---- | M] () -- C:\Users\Paul\Desktop\African Girl _ Flickr  partage de photos !.htm

[2011/07/10 08:23:27 | 000,066,414 | ---- | M] () -- C:\Users\Paul\Desktop\346729.html

[2011/07/10 08:14:45 | 000,201,309 | ---- | M] () -- C:\Users\Paul\Desktop\http _www.flickr.com_photos_photosperso_5767743610_in_photostream_.htm

[2011/07/08 16:40:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/07/08 12:53:20 | 000,133,638 | ---- | M] () -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747.htm

[2011/07/05 12:29:13 | 000,141,423 | ---- | M] () -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982.html

[2011/07/04 18:48:35 | 000,001,046 | ---- | M] () -- C:\Users\Paul\Desktop\OTL - Raccourci.lnk

[2011/07/04 14:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/07/04 14:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/07/04 14:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/07/04 14:37:39 | 000,129,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys

[2011/07/04 14:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/07/04 14:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/07/04 14:36:24 | 000,257,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys

[2011/07/04 14:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/07/04 14:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/07/04 14:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/07/04 14:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/07/03 18:49:53 | 000,085,796 | ---- | M] () -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité.htm

[2011/06/30 16:32:09 | 000,035,711 | ---- | M] () -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436.html

[2011/06/29 13:14:43 | 000,013,966 | ---- | M] () -- C:\Users\Paul\Desktop\trajet.htm

[2011/06/27 13:18:26 | 000,055,583 | ---- | M] () -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable.htm

[2011/06/23 19:07:33 | 000,273,044 | ---- | M] () -- C:\Users\Paul\Documents\numerisation_raboteuse.pdf

[2011/06/23 18:58:59 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2011/06/23 18:51:22 | 000,262,253 | ---- | M] () -- C:\Users\Paul\Documents\Jeannot29_Presse_A_Panneaux.pdf

[2011/06/23 18:12:44 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/07/21 12:27:10 | 000,097,214 | ---- | C] () -- C:\Users\Paul\Desktop\Zulu Kings Reed Dance - a set on Flickr.htm

[2011/07/21 08:51:55 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat

[2011/07/20 20:17:50 | 002,660,120 | ---- | C] () -- C:\Users\Paul\Desktop\N0028932_PDF_1_-1DM.pdf

[2011/07/20 20:10:13 | 000,055,919 | ---- | C] () -- C:\Users\Paul\Desktop\ldlb.pdf

[2011/07/20 12:30:40 | 000,044,535 | ---- | C] () -- C:\Users\Paul\Desktop\i-Naked.info _ Supporting the right to bare arms and everything else!.htm

[2011/07/20 12:23:42 | 000,161,658 | ---- | C] () -- C:\Users\Paul\Desktop\148005-wawawawa-swazi-queen-who-cheated-king-mswati-supu-6.html

[2011/07/20 11:49:05 | 000,209,717 | ---- | C] () -- C:\Users\Paul\Desktop\Topless tradition for tourists.pdf

[2011/07/20 11:18:12 | 000,035,441 | ---- | C] () -- C:\Users\Paul\Desktop\t2-comment-bien-utiliser-google.htm

[2011/07/19 08:48:59 | 000,067,858 | ---- | C] () -- C:\Users\Paul\Desktop\Capture.PNG

[2011/07/18 17:20:24 | 000,884,937 | ---- | C] () -- C:\Users\Paul\Desktop\Positions.pdf

[2011/07/18 13:36:16 | 000,083,631 | ---- | C] () -- C:\Users\Paul\Desktop\Index of _images_Photo Visiteur 2.htm

[2011/07/18 13:29:03 | 000,166,610 | ---- | C] () -- C:\Users\Paul\Desktop\search.htm

[2011/07/18 12:19:43 | 000,017,452 | ---- | C] () -- C:\Users\Paul\Desktop\faience.htm

[2011/07/18 12:13:34 | 000,114,711 | ---- | C] () -- C:\Users\Paul\Desktop\poser-du-carrelage-mural-pour-la-1ere-fois-a3094.htm

[2011/07/17 18:06:59 | 000,096,756 | ---- | C] () -- C:\Users\Paul\Desktop\affich-2803862-telecharger-sur-des-sites-comme-index-of.htm

[2011/07/17 16:11:30 | 000,024,024 | ---- | C] () -- C:\Users\Paul\Desktop\Index of _wp-content_uploads_2009_10.htm

[2011/07/17 13:03:06 | 000,467,347 | ---- | C] () -- C:\Users\Paul\Desktop\EUROSEC2005-Google_hacking.pdf

[2011/07/17 12:59:52 | 000,032,474 | ---- | C] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks ido.htm

[2011/07/17 12:43:02 | 000,024,892 | ---- | C] () -- C:\Users\Paul\Desktop\Advisories and Vulnerabilities - Google Hacking Database.htm

[2011/07/17 12:42:53 | 000,024,297 | ---- | C] () -- C:\Users\Paul\Desktop\Google Hacking Database, GHDB, Google Dorks.htm

[2011/07/17 12:29:46 | 000,073,175 | ---- | C] () -- C:\Users\Paul\Desktop\viewer gh.htm

[2011/07/16 08:55:16 | 000,367,312 | ---- | C] () -- C:\Users\Paul\Desktop\jr_0027.pdf

[2011/07/16 08:49:38 | 000,063,993 | ---- | C] () -- C:\Users\Paul\Desktop\installer-un-evier-a-encastrer.html

[2011/07/16 07:27:40 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copernic Agent Personal.lnk

[2011/07/16 07:27:39 | 000,109,967 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe

[2011/07/16 06:46:30 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk

[2011/07/15 14:38:21 | 000,036,143 | ---- | C] () -- C:\Users\Paul\Documents\HENRIETTE.jpg

[2011/07/15 12:02:08 | 000,123,861 | ---- | C] () -- C:\Users\Paul\Desktop\Sali01 _ Flickr - Photo Sharing!.htm

[2011/07/15 11:55:28 | 000,128,348 | ---- | C] () -- C:\Users\Paul\Desktop\inTombi 1 _ Flickr - Photo Sharing!.htm

[2011/07/15 11:29:59 | 000,157,802 | ---- | C] () -- C:\Users\Paul\Desktop\Visitors at the Reed Dance _ Flickr - Photo Sharing!.htm

[2011/07/15 11:29:31 | 000,109,860 | ---- | C] () -- C:\Users\Paul\Desktop\Flickr Zululand Eco-Adventures' Photostream.htm

[2011/07/15 11:23:20 | 000,087,255 | ---- | C] () -- C:\Users\Paul\Desktop\umhlanga.htm

[2011/07/15 10:53:03 | 000,041,217 | ---- | C] () -- C:\Users\Paul\Desktop\Le google hacking _ Lolokai.htm

[2011/07/15 10:48:39 | 000,145,857 | ---- | C] () -- C:\Users\Paul\Desktop\Comment trouver des Mp3 avec Google - Spi0n.com.htm

[2011/07/15 10:14:46 | 000,038,444 | ---- | C] () -- C:\Users\Paul\Desktop\telecharger-micro-hebdo-n-661.html

[2011/07/14 17:44:17 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 21:11:27 | 000,070,171 | ---- | C] () -- C:\Users\Paul\Desktop\viewer.htm

[2011/07/13 12:58:23 | 000,009,608 | ---- | C] () -- C:\Users\Paul\Documents\Sans nom 2.odt

[2011/07/12 19:09:11 | 000,009,097 | ---- | C] () -- C:\Users\Paul\Documents\Sans nom 1.odt

[2011/07/11 08:23:08 | 000,010,067 | ---- | C] () -- C:\Users\Paul\Desktop\imgres vi.htm

[2011/07/11 08:20:06 | 000,068,368 | ---- | C] () -- C:\Users\Paul\Desktop\danca-dos-maswazi.html

[2011/07/11 08:19:02 | 000,082,464 | ---- | C] () -- C:\Users\Paul\Desktop\swaziland umhlanga festival girl power to the max! « Travel. – Not All Men Are Monsters – Sex. Travel. Food. Life. – Brian Johnston.htm

[2011/07/10 09:36:17 | 000,137,728 | ---- | C] () -- C:\Users\Paul\Desktop\Amy Nude _ Flickr  partage de photos !.htm

[2011/07/10 09:26:00 | 000,254,676 | ---- | C] () -- C:\Users\Paul\Desktop\photostream 2.htm

[2011/07/10 09:19:56 | 000,177,526 | ---- | C] () -- C:\Users\Paul\Desktop\photostream.htm

[2011/07/10 09:18:50 | 000,213,239 | ---- | C] () -- C:\Users\Paul\Desktop\African Girl _ Flickr  partage de photos !.htm

[2011/07/10 08:23:26 | 000,066,414 | ---- | C] () -- C:\Users\Paul\Desktop\346729.html

[2011/07/10 08:14:40 | 000,201,309 | ---- | C] () -- C:\Users\Paul\Desktop\http _www.flickr.com_photos_photosperso_5767743610_in_photostream_.htm

[2011/07/10 06:50:25 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/07/09 19:32:34 | 736,720,498 | ---- | C] () -- C:\Users\Paul\Desktop\Cash.FRENCH.R5.XviD-GHOST.avi

[2011/07/09 19:31:36 | 733,310,976 | ---- | C] () -- C:\Users\Paul\Desktop\City.Hall.French.DVDRiP.avi

[2011/07/08 12:53:18 | 000,133,638 | ---- | C] () -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747.htm

[2011/07/06 21:07:23 | 892,070,332 | ---- | C] () -- C:\Users\Paul\Desktop\Le secret du chevalier d'Eon.avi

[2011/07/06 21:02:37 | 730,216,448 | ---- | C] () -- C:\Users\Paul\Desktop\Secret.Defense.FRENCH.DVDRip.XviD-ZANBiC.avi

[2011/07/06 21:01:23 | 733,782,016 | ---- | C] () -- C:\Users\Paul\Desktop\Wisegal.STV.2008.FRENCH.DVDRiP.XViD-S60.By.Emulix.[emule-island.com].avi

[2011/07/06 21:00:01 | 733,988,864 | ---- | C] () -- C:\Users\Paul\Desktop\F - The Lost Angel (Action Policier 2004).avi

[2011/07/06 20:57:21 | 655,284,560 | ---- | C] () -- C:\Users\Paul\Desktop\Himalaya, le chemin du ciel.avi

[2011/07/05 12:29:11 | 000,141,423 | ---- | C] () -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982.html

[2011/07/05 12:11:20 | 734,076,928 | ---- | C] () -- C:\Users\Paul\Desktop\Australia.FRENCH.DVDRiP.XViD.avi

[2011/07/04 18:48:35 | 000,001,046 | ---- | C] () -- C:\Users\Paul\Desktop\OTL - Raccourci.lnk

[2011/07/03 18:49:52 | 000,085,796 | ---- | C] () -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité.htm

[2011/06/30 16:32:09 | 000,035,711 | ---- | C] () -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436.html

[2011/06/29 13:28:13 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job

[2011/06/29 13:14:29 | 000,013,966 | ---- | C] () -- C:\Users\Paul\Desktop\trajet.htm

[2011/06/27 13:18:25 | 000,055,583 | ---- | C] () -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable.htm

[2011/06/26 21:11:57 | 720,216,064 | ---- | C] () -- C:\Users\Paul\Desktop\L'Arnaque.avi

[2011/06/26 08:03:11 | 001,016,940 | ---- | C] () -- C:\Users\Paul\Documents\Commande no 24351607.pdf

[2011/06/25 17:24:39 | 000,273,044 | ---- | C] () -- C:\Users\Paul\Documents\numerisation_raboteuse.pdf

[2011/06/25 17:24:39 | 000,262,253 | ---- | C] () -- C:\Users\Paul\Documents\Jeannot29_Presse_A_Panneaux.pdf

[2011/06/25 14:42:48 | 000,013,049 | ---- | C] () -- C:\Users\Paul\Documents\Attestation valeur 3.odt

[2011/06/23 18:58:59 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2011/06/08 15:01:02 | 000,003,584 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/02 07:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{19A7151B-5487-4BA2-A9DE-3AFE66360AF2}

[2011/05/15 17:25:26 | 000,088,064 | ---- | C] () -- C:\Windows\AMUninst01c.exe

[2011/05/14 21:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{15096A74-3610-455C-A297-2FCA3671C506}

[2011/05/09 19:18:31 | 000,000,017 | ---- | C] () -- C:\Users\Paul\AppData\Local\resmon.resmoncfg

[2011/04/12 08:58:19 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/03/23 01:10:24 | 000,001,854 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\GhostObjGAFix.xml

[2011/01/17 07:47:58 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/11/07 08:44:08 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini

[2010/11/07 08:44:08 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini

[2010/09/24 08:06:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/05/11 03:56:43 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2010/05/11 03:56:43 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2010/05/11 03:56:43 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2010/05/11 03:56:43 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2010/05/11 03:56:43 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2010/05/11 03:56:43 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2010/05/11 03:22:24 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2010/05/11 03:22:24 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2010/01/09 02:31:36 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/14 00:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2003/04/01 12:58:02 | 000,005,260 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

 

========== LOP Check ==========

 

[2011/03/30 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.caffeinatedmind.Sendoid

[2011/07/16 07:27:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Copernic

[2010/09/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DigitalPersona

[2010/09/15 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\eMule

[2011/05/13 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0

[2011/07/19 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mp3tag

[2010/09/24 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org

[2010/10/18 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OutWit

[2011/05/19 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Scribus

[2011/06/06 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stellarium

[2011/07/21 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template

[2011/06/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WildTangent

[2011/02/08 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ZTEEVDO

[2010/09/28 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs

[2011/07/20 17:41:25 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

========== Custom Scans ==========


< %temp%\smtmp\1\*.* /s >

 

< %temp%\smtmp\2\*.* /s >

 

< %temp%\smtmp\4\*.* /s >

 

< nslookup www.google.fr /c >

Serveur : UnKnown

Address: 127.0.0.1

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %ALLUSERSPROFILE%\Application Data\*. >

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

 

< %APPDATA%\*. >

[2011/03/30 13:04:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Adobe

[2010/09/19 19:01:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Apple Computer

[2011/03/30 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.caffeinatedmind.Sendoid

[2011/07/16 07:27:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Copernic

[2011/04/12 08:58:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Corel

[2010/09/15 22:23:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CyberLink

[2010/09/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DigitalPersona

[2010/09/15 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\eMule

[2011/05/13 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0

[2011/02/01 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Hewlett-Packard

[2011/01/19 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HP Support Assistant

[2010/09/15 18:28:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\hpqLog

[2011/01/19 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HpUpdate

[2010/09/15 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Identities

[2010/09/15 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macromedia

[2010/09/15 18:24:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macrovision

[2011/05/18 14:57:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Malwarebytes

[2010/05/11 12:13:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Center Programs

[2011/07/21 08:51:55 | 000,000,000 | --SD | M] -- C:\Users\Paul\AppData\Roaming\Microsoft

[2010/09/15 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla

[2011/07/19 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mp3tag

[2011/02/07 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nero

[2010/09/24 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org

[2010/10/18 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OutWit

[2011/05/19 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Scribus

[2011/06/06 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stellarium

[2011/07/21 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template

[2011/06/21 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\vlc

[2011/06/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WildTangent

[2011/02/08 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ZTEEVDO

[2010/09/28 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs

 

< %APPDATA%\*.exe /s >

 

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >

[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 

< MD5 for: CDROM.SYS >

[2009/07/14 02:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

[2010/11/20 12:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys

[2010/11/20 12:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys

[2010/11/20 12:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009/07/14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 

< MD5 for: CTFMON.EXE >

[2009/07/14 04:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe

[2009/07/14 04:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe

[2009/07/14 04:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe

[2009/07/14 04:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

 

< MD5 for: DISK.SYS >

[2009/07/14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys

[2009/07/14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys

[2009/07/14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

 

< MD5 for: DWM.EXE >

[2009/07/14 04:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\SysNative\dwm.exe

[2009/07/14 04:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7600.16385_none_e99885bbd6e301de\dwm.exe

[2009/07/14 04:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe

 

< MD5 for: EVENTLOG.DLL >

[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< >

 

< End of report >

Posted

hello,

* Double-click the OTL icon to launch it.

/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator" ("Exécuter en tant qu'administrateur").

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" ("Rapport") section (top right) the "Minimal report" ("Rapport minimal") box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization" ("Personnalisation"):

 

 

:OTL

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM\..\Run: [] File not found

O4 - HKLM\..\Run: [Tuto4pc] File not found

O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found

O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun

O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun

O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell - "" = AutoRun

O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell - "" = AutoRun

O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell\AutoRun\command - "" = I:\Setup.exe

O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun

O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun

O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun

O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun

O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun

O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun

O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun

O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun

O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun

O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell - "" = AutoRun

O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell - "" = AutoRun

O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun

O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun

O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun

O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun

O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun

O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun

O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe

 

:Commands

[clearrestorepoints]

[emptytemp]

[EMPTYFLASH]

[PURITY]

[RESETHOSTS]

 

 

 

 

* Click the "Fix" ("Correction") icon (top left).

* Let the scan run to completion without using the PC.

* At the end of the scan, a report will open.

* Copy and paste the report into your reply, please...

 

@++
