OTL logfile created on: 01/10/2013 19:26:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\patsong\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,29% Memory free
7,82 Gb Paging File | 5,78 Gb Available in Paging File | 73,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,71 Gb Total Space | 398,00 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Drive D: | 456,71 Gb Total Space | 456,65 Gb Free Space | 99,99% Space Free | Partition Type: NTFS

Computer Name: PATSONG-PC | User Name: patsong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/10/01 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\patsong\Downloads\OTL (1).exe
PRC - [2013/09/10 14:29:07 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/10 14:28:36 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/10 14:28:36 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/28 14:39:01 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/08/01 23:14:03 | 000,103,272 | ---- | M] (Adobe Systems Inc.)
-- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe PRC - [2013/06/12 16:00:02 | 013,446,464 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe PRC - [2013/06/12 16:00:00 | 000,149,824 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe PRC - [2013/06/10 17:58:38 | 001,966,960 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe PRC - [2013/01/10 15:25:31 | 000,125,176 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe PRC - [2012/08/13 11:22:48 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012/08/13 11:22:48 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011/08/11 05:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe PRC - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2011/05/20 18:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2011/03/30 00:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2007/03/16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files 
(x86)\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/08/01 23:14:03 | 004,773,736 | ---- | M] () -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll MOD - [2013/06/12 15:59:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\Tools.dll MOD - [2013/06/12 15:59:42 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\zip.dll MOD - [2013/06/12 15:59:42 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\jetvm\jvm.dll MOD - [2013/06/12 15:59:42 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetWPSAPI.dll MOD - [2013/06/12 15:59:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\jetrt\baseline720.dll MOD - [2013/06/12 15:59:40 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetworkAPI.dll MOD - [2013/06/12 15:59:38 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\java.dll MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011/08/11 05:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe MOD - [2011/08/11 05:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater 
Service) SRV - [2013/09/21 12:12:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/09/10 14:29:07 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/09/10 14:28:36 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/09/06 02:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService) SRV - [2013/08/29 16:10:30 | 001,073,160 | ---- | M] (Orange SA) [Auto | Stopped] -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service) SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/06/10 17:58:38 | 001,966,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe -- (Dedicarz Service) SRV - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2011/03/30 00:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/06 
08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/09/10 14:29:15 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2013/09/10 14:29:15 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2013/03/29 15:14:35 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:[b]64bit:[/b] - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner) DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011/07/14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/07/14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/04/05 05:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011/02/11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:[b]64bit:[/b] - [2010/12/24 09:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010/10/15 10:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_frFR518 IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files (x86)\Google\Google Updater\2.1.850.19570\npCIDetect11.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () [2013/04/07 11:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {E480F4D1-BE6B-468E-B140-2B2DA5773F4F} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {63A03534-3C7A-4F5C-9BCB-AB671AA84B22} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [ORAHSSSessionManager] "C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" File not found O4 - HKCU..\Run: [FLV Player] C:\Users\patsong\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe File not found O4 - HKCU..\Run: [Orange Installer] "C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe" File not found O4 - HKCU..\Run: [Orange mes contenus] "C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe" /delayed File not found O4 - Startup: C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1408392979 (Mail Migration) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57EFD6E8-5F73-41F3-97E6-621DC55E3DC7}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/09/06 18:09:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: [b]WildTangent CDA[/b] - hkey= - key= - C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP SafeBootMin:[b]64bit:[/b] AppMgmt - Service SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 
1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - Service SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: 
NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - 
SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/10/01 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\HotLava [2013/10/01 12:01:10 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Local\Big Fish [2013/10/01 12:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish [2013/10/01 12:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient [2013/10/01 11:51:59 | 000,000,000 | ---D | C] -- C:\BigFishCache [2013/10/01 11:38:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/09/30 21:41:40 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shades of Death - Le Roi des Ombres [2013/09/30 21:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shades of Death - Le Roi des Ombres [2013/09/30 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shades of Death - Le Roi des Ombres [2013/09/30 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Web of Deceit - La Veuve Noire [2013/09/30 21:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web of Deceit - La Veuve Noire [2013/09/30 21:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web of Deceit - La Veuve Noire [2013/09/30 18:34:23 | 029,978,944 | ---- | C] (Foxit Corporation ) -- C:\Users\patsong\Desktop\FoxitReader605.0618_enu_Setup.exe [2013/09/29 15:45:09 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\4 Friends Games [2013/09/27 21:16:54 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Argali [2013/09/24 19:02:41 | 000,000,000 | ---D | C] -- C:\net-snmp-compil-win [2013/09/23 09:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/09/23 09:58:36 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Foxit Software [2013/09/20 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Crown [2013/09/20 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown [2013/09/19 22:09:50 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\CasualMechanics [2013/09/18 08:39:09 | 000,000,000 | ---D | C] -- C:\User Data [2013/09/17 18:10:43 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\GreenSauceGames [2013/09/16 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\GestaltGames [2013/09/16 14:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\GestaltGames [2013/09/15 15:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts [2013/09/14 22:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AstralaxWrapper [2013/09/14 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\PoBros [2013/09/14 17:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PoBros [2013/09/12 21:06:05 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Flood Light Games [2013/09/12 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games [2013/09/11 18:21:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/09/11 18:21:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/09/11 18:21:46 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/09/11 18:21:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/09/11 18:21:46 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/09/11 18:21:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/09/11 18:21:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/09/11 18:21:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/09/11 
18:21:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/09/11 18:21:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/09/11 18:21:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/09/11 18:21:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/09/11 18:21:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/09/11 18:21:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/09/11 18:21:44 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/09/11 18:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangentUninstall724775 [2013/09/11 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Amaranth Games [2013/09/11 14:23:28 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Local\Wildtangent [2013/09/11 14:23:26 | 000,000,000 | ---D | C] -- C:\Windows\wt [2013/09/11 14:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent [2013/09/11 07:31:26 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys [2013/09/11 07:31:24 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/09/11 07:31:23 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/09/11 07:31:23 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/09/11 07:31:23 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/09/11 07:31:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/09/11 07:31:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/09/11 07:31:23 | 000,362,496 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/09/11 07:31:23 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/09/11 07:31:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/09/11 07:31:23 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/09/11 07:31:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/09/11 07:31:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/09/11 07:31:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/09/11 07:31:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/09/11 07:31:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/09/11 07:31:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/09/11 07:31:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/09/11 07:31:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/09/11 07:31:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/09/11 07:31:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/09/11 07:31:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/09/11 07:31:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/09/11 07:31:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/09/11 07:31:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/09/11 07:31:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/09/11 07:31:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/09/11 07:31:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/09/11 07:31:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/09/11 07:31:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/09/11 07:31:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/09/11 07:31:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013/09/11 07:31:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/09/11 07:31:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/09/11 07:30:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/09/10 15:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games [2013/09/09 14:33:55 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Princess Isabella [2013/09/08 13:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SulusGames [2013/09/08 10:57:28 | 000,000,000 | ---D | C] -- C:\Users\patsong\Desktop\programme [2013/09/07 00:08:37 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/09/05 11:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/10/01 18:40:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/01 18:36:00 | 000,001,070 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/10/01 17:23:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/01 16:29:30 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013/10/01 12:01:46 | 000,000,231 | ---- | M] () -- C:\Users\Public\Desktop\Encore plus de jeux.url [2013/10/01 12:01:45 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Jeux.lnk [2013/10/01 09:02:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/01 09:02:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/01 08:54:39 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/10/01 08:54:38 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013/10/01 08:54:29 | 3147,685,888 | -HS- | M] () -- C:\hiberfil.sys [2013/09/30 21:54:53 | 000,072,354 | ---- | M] () -- C:\Windows\wininit.ini [2013/09/30 21:41:53 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Jouer à Shades of Death - Le Roi des Ombres.lnk [2013/09/30 18:36:14 | 000,002,050 | ---- | M] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/09/30 18:36:14 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/09/30 18:35:07 | 029,978,944 | ---- | M] (Foxit Corporation ) -- C:\Users\patsong\Desktop\FoxitReader605.0618_enu_Setup.exe [2013/09/30 18:31:48 | 000,000,288 | ---- | M] () -- C:\Users\patsong\Desktop\problème souris - Sécurité - SECURITE - FORUM high-tech (2).url [2013/09/30 10:48:30 | 000,007,618 | ---- | M] () -- C:\Users\patsong\AppData\Local\Resmon.ResmonCfg [2013/09/21 12:12:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/09/21 12:12:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/09/19 18:54:03 | 001,549,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/09/19 18:54:03 | 000,704,464 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013/09/19 18:54:03 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/09/19 18:54:03 | 000,130,770 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013/09/19 18:54:03 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/09/18 08:56:12 | 000,450,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/09/18 08:55:11 | 000,001,160 | ---- | M] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/09/18 08:55:11 | 000,001,000 | ---- | M] () -- C:\Users\patsong\Desktop\Internet Explorer.lnk [2013/09/14 23:47:55 | 000,000,222 | ---- | M] () -- C:\Users\patsong\Desktop\Vivre sans thyroïde dosage levothyrox.url [2013/09/13 23:54:56 | 000,002,693 | ---- | M] () -- C:\Users\patsong\Desktop\Microsoft Office Excel 2007.lnk [2013/09/11 18:37:41 | 000,002,738 | ---- | M] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - packardbell.lnk [2013/09/11 18:37:41 | 000,002,706 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk [2013/09/10 14:29:15 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/09/10 14:29:15 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/09/10 14:29:15 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/09/06 18:09:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/09/06 18:00:06 | 000,365,966 | ---- | M] () -- C:\Users\patsong\Documents\cc_20130906_175954.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/10/01 12:01:45 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Jeux.lnk
[2013/10/01 12:01:45 | 000,000,231 | ---- | C] () -- C:\Users\Public\Desktop\Encore plus de jeux.url
[2013/10/01 12:01:10 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013/10/01 12:01:10 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encore plus de jeux.lnk
[2013/09/30 21:41:53 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Jouer à Shades of Death - Le Roi des Ombres.lnk
[2013/09/30 18:36:14 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/09/30 18:36:13 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/09/30 18:31:48 | 000,000,288 | ---- | C] () -- C:\Users\patsong\Desktop\problème souris - Sécurité - SECURITE - FORUM high-tech (2).url
[2013/09/30 10:48:30 | 000,007,618 | ---- | C] () -- C:\Users\patsong\AppData\Local\Resmon.ResmonCfg
[2013/09/14 23:47:54 | 000,000,222 | ---- | C] () -- C:\Users\patsong\Desktop\Vivre sans thyroïde dosage levothyrox.url
[2013/09/11 18:37:41 | 000,002,738 | ---- | C] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - packardbell.lnk
[2013/09/11 18:37:40 | 000,002,706 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
[2013/09/06 18:09:35 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/09/06 18:09:16 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/09/06 17:59:58 | 000,365,966 | ---- | C] () -- C:\Users\patsong\Documents\cc_20130906_175954.reg
[2013/08/27 12:28:37 | 000,234,461 | ---- | C] () -- C:\Users\patsong\AppData\Local\census.cache
[2013/08/27 12:28:33 | 000,107,575 | ---- | C] () -- C:\Users\patsong\AppData\Local\ars.cache
[2013/08/27 12:06:00 | 000,000,036 | ---- | C] () -- C:\Users\patsong\AppData\Local\housecall.guid.cache
[2013/08/10 15:00:28 | 000,000,000 | ---- | C] () -- C:\Users\patsong\AppData\Roaming\SharedSettings.ccs
[2013/05/17 18:39:01 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/03/16 13:47:23 | 000,003,584 | ---- | C] () -- C:\Users\patsong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/16 09:48:59 | 000,001,125 | ---- | C] () -- C:\Users\patsong\Documents - Raccourci.lnk
[2013/02/15 15:13:12 | 000,072,354 | ---- | C] () -- C:\Windows\wininit.ini
[2013/01/08 22:40:48 | 001,577,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/21 11:51:17 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/21 11:51:17 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 11:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< HKCU\Software >[/color]
[HKEY_CURRENT_USER\Software\(null)]
[HKEY_CURRENT_USER\Software\Acer]
[HKEY_CURRENT_USER\Software\Adobe]
[HKEY_CURRENT_USER\Software\AdoreGames]
[HKEY_CURRENT_USER\Software\Alawar]
[HKEY_CURRENT_USER\Software\AppDataLow]
[HKEY_CURRENT_USER\Software\Artogon]
[HKEY_CURRENT_USER\Software\AV Technologies]
[HKEY_CURRENT_USER\Software\Avira]
[HKEY_CURRENT_USER\Software\Big Fish Games]
[HKEY_CURRENT_USER\Software\Big Fish Games, Inc.]
[HKEY_CURRENT_USER\Software\BigFish] [HKEY_CURRENT_USER\Software\Boonty] [HKEY_CURRENT_USER\Software\Clients] [HKEY_CURRENT_USER\Software\Cyberlink] [HKEY_CURRENT_USER\Software\DSS] [HKEY_CURRENT_USER\Software\Evernote] [HKEY_CURRENT_USER\Software\fijxtuaf] [HKEY_CURRENT_USER\Software\Foxit Software] [HKEY_CURRENT_USER\Software\Fugazo] [HKEY_CURRENT_USER\Software\Gestalt Games] [HKEY_CURRENT_USER\Software\Gogii] [HKEY_CURRENT_USER\Software\Gogii Games] [HKEY_CURRENT_USER\Software\Good games] [HKEY_CURRENT_USER\Software\Google] [HKEY_CURRENT_USER\Software\Hewlett-Packard] [HKEY_CURRENT_USER\Software\HipSoft] [HKEY_CURRENT_USER\Software\HookNetwork] [HKEY_CURRENT_USER\Software\IM Providers] [HKEY_CURRENT_USER\Software\Intel] [HKEY_CURRENT_USER\Software\JavaSoft] [HKEY_CURRENT_USER\Software\kde.org] [HKEY_CURRENT_USER\Software\Licenses] [HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications] [HKEY_CURRENT_USER\Software\Macromedia] [HKEY_CURRENT_USER\Software\Macrovision] [HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware] [HKEY_CURRENT_USER\Software\Meridian93] [HKEY_CURRENT_USER\Software\Microsoft] [HKEY_CURRENT_USER\Software\mozilla] [HKEY_CURRENT_USER\Software\MozillaPlugins] [HKEY_CURRENT_USER\Software\Nero] [HKEY_CURRENT_USER\Software\Netscape] [HKEY_CURRENT_USER\Software\Norton] [HKEY_CURRENT_USER\Software\ODBC] [HKEY_CURRENT_USER\Software\OEM] [HKEY_CURRENT_USER\Software\OpenOffice.org] [HKEY_CURRENT_USER\Software\Orange] [HKEY_CURRENT_USER\Software\Ovogame] [HKEY_CURRENT_USER\Software\Packard Bell] [HKEY_CURRENT_USER\Software\PDF Suite 2013] [HKEY_CURRENT_USER\Software\Piriform] [HKEY_CURRENT_USER\Software\Playrix Entertainment] [HKEY_CURRENT_USER\Software\Policies] [HKEY_CURRENT_USER\Software\PopCap] [HKEY_CURRENT_USER\Software\PuzzleLab] [HKEY_CURRENT_USER\Software\Realtek] [HKEY_CURRENT_USER\Software\rrhghfce] [HKEY_CURRENT_USER\Software\Shaman Games] [HKEY_CURRENT_USER\Software\Silverback Games] [HKEY_CURRENT_USER\Software\Silverback 
Productions] [HKEY_CURRENT_USER\Software\Skype] [HKEY_CURRENT_USER\Software\Symantec] [HKEY_CURRENT_USER\Software\TeleCharger] [HKEY_CURRENT_USER\Software\Test3D] [HKEY_CURRENT_USER\Software\Trolltech] [HKEY_CURRENT_USER\Software\VSRevoGroup] [HKEY_CURRENT_USER\Software\Wargaming.net] [HKEY_CURRENT_USER\Software\WildTangent] [HKEY_CURRENT_USER\Software\Windows Live Writer] [HKEY_CURRENT_USER\Software\Wow6432Node] [HKEY_CURRENT_USER\Software\ZebHelpProcess Helper] [HKEY_CURRENT_USER\Software\Classes] [color=#A23BEC]< HKLM\Software >[/color] "License_Time" = 0 "RB" = 0 [HKEY_LOCAL_MACHINE\Software\Adobe] [HKEY_LOCAL_MACHINE\Software\AdwCleaner] [HKEY_LOCAL_MACHINE\Software\AGEIA Technologies] [HKEY_LOCAL_MACHINE\Software\Alawar] [HKEY_LOCAL_MACHINE\Software\AppDataLow] [HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.] [HKEY_LOCAL_MACHINE\Software\Avira] [HKEY_LOCAL_MACHINE\Software\Big Fish Games] [HKEY_LOCAL_MACHINE\Software\Boonty] [HKEY_LOCAL_MACHINE\Software\CyberLink] [HKEY_LOCAL_MACHINE\Software\DivXNetworks] [HKEY_LOCAL_MACHINE\Software\DSS] [HKEY_LOCAL_MACHINE\Software\Evernote] [HKEY_LOCAL_MACHINE\Software\Foxit Software] [HKEY_LOCAL_MACHINE\Software\FRANCE TELECOM] [HKEY_LOCAL_MACHINE\Software\FUHU, Inc.] 
[HKEY_LOCAL_MACHINE\Software\GameInstaller] [HKEY_LOCAL_MACHINE\Software\Google] [HKEY_LOCAL_MACHINE\Software\IM Providers] [HKEY_LOCAL_MACHINE\Software\InstallShield] [HKEY_LOCAL_MACHINE\Software\Intel] [HKEY_LOCAL_MACHINE\Software\JavaSoft] [HKEY_LOCAL_MACHINE\Software\JreMetrics] [HKEY_LOCAL_MACHINE\Software\Licenses] [HKEY_LOCAL_MACHINE\Software\Macromedia] [HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware] [HKEY_LOCAL_MACHINE\Software\Microsoft] [HKEY_LOCAL_MACHINE\Software\Mozilla] [HKEY_LOCAL_MACHINE\Software\MozillaPlugins] [HKEY_LOCAL_MACHINE\Software\Nero] [HKEY_LOCAL_MACHINE\Software\ODBC] [HKEY_LOCAL_MACHINE\Software\OEM] [HKEY_LOCAL_MACHINE\Software\OldTimer Tools] [HKEY_LOCAL_MACHINE\Software\OpenOffice.org] [HKEY_LOCAL_MACHINE\Software\Orange] [HKEY_LOCAL_MACHINE\Software\Packard Bell] [HKEY_LOCAL_MACHINE\Software\Realtek] [HKEY_LOCAL_MACHINE\Software\Realtek Semiconductor Corp.] [HKEY_LOCAL_MACHINE\Software\Skype] [HKEY_LOCAL_MACHINE\Software\Symantec] [HKEY_LOCAL_MACHINE\Software\Thomson] [HKEY_LOCAL_MACHINE\Software\Trolltech] [HKEY_LOCAL_MACHINE\Software\Trymedia Systems] [HKEY_LOCAL_MACHINE\Software\Uniblue] [HKEY_LOCAL_MACHINE\Software\Vittalia] [HKEY_LOCAL_MACHINE\Software\Volatile] [HKEY_LOCAL_MACHINE\Software\webtogo] [HKEY_LOCAL_MACHINE\Software\WildTangent] [HKEY_LOCAL_MACHINE\Software\WinPcap] [HKEY_LOCAL_MACHINE\Software\X-AVCSD] [HKEY_LOCAL_MACHINE\Software\Classes] [HKEY_LOCAL_MACHINE\Software\Clients] [HKEY_LOCAL_MACHINE\Software\Policies] [HKEY_LOCAL_MACHINE\Software\RegisteredApplications] [color=#A23BEC]< HKCU\Software\Microsoft\Command Processor /s >[/color] "CompletionChar" = 9 "DefaultColor" = 0 "EnableExtensions" = 1 "PathCompletionChar" = 9 [color=#A23BEC]< HKLM\Software\Microsoft\Command Processor /s >[/color] "CompletionChar" = 64 "DefaultColor" = 0 "EnableExtensions" = 1 "PathCompletionChar" = 64 [color=#A23BEC]< %Homedrive%\* >[/color] [2013/09/06 18:09:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2011/10/21 
11:56:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2013/10/01 08:54:29 | 3147,685,888 | -HS- | M] () -- C:\hiberfil.sys [2013/10/01 08:54:31 | 4196,917,248 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< %Homedrive%\*. >[/color] [2013/02/01 15:42:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013/10/01 13:33:49 | 000,000,000 | ---D | M] -- C:\BigFishCache [2013/08/09 17:33:25 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2012/11/13 17:06:12 | 000,000,000 | -H-D | M] -- C:\book [2013/05/10 22:39:58 | 000,000,000 | ---D | M] -- C:\Boonty [2013/09/30 18:37:02 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013/06/26 12:53:47 | 000,000,000 | ---D | M] -- C:\Games [2012/11/13 17:01:07 | 000,000,000 | -H-D | M] -- C:\Intel [2013/03/16 14:01:15 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013/09/24 19:02:41 | 000,000,000 | ---D | M] -- C:\net-snmp-compil-win [2013/01/08 19:54:12 | 000,000,000 | -H-D | M] -- C:\OEM [2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013/09/06 19:43:14 | 000,000,000 | R--D | M] -- C:\Program Files [2013/10/01 18:21:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013/10/01 12:00:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\Recovery [2013/10/01 19:28:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013/09/18 08:39:09 | 000,000,000 | ---D | M] -- C:\User Data [2013/08/24 09:52:20 | 000,000,000 | R--D | M] -- C:\Users [2013/10/01 11:38:04 | 000,000,000 | ---D | M] -- C:\Windows [color=#A23BEC]< %Userprofile%\* >[/color] [2013/05/01 10:45:30 | 000,010,888 | ---- | M] () -- C:\Users\patsong\Blackbird.docx [2013/05/01 10:48:37 | 000,011,245 | ---- | M] () -- C:\Users\patsong\Come together.docx [2013/02/16 09:48:59 | 000,001,125 | ---- | M] () -- C:\Users\patsong\Documents - Raccourci.lnk [2013/05/01 10:53:57 | 000,011,481 | ---- | M] () -- C:\Users\patsong\Help.docx 
[2013/10/01 19:28:43 | 008,912,896 | -HS- | M] () -- C:\Users\patsong\ntuser.dat [2013/10/01 19:28:43 | 000,262,144 | -HS- | M] () -- C:\Users\patsong\ntuser.dat.LOG1 [2013/01/08 19:52:59 | 000,000,000 | -HS- | M] () -- C:\Users\patsong\ntuser.dat.LOG2 [2013/01/08 20:19:21 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2013/01/08 20:19:21 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2013/01/08 20:19:21 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013/09/18 08:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{65c91a8c-201f-11e3-b707-e840f2a6c382}.TM.blf [2013/09/18 08:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{65c91a8c-201f-11e3-b707-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms [2013/09/18 08:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{65c91a8c-201f-11e3-b707-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms [2013/08/28 09:16:16 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{66d1d379-0fae-11e3-ad11-e840f2a6c382}.TM.blf [2013/08/28 09:16:16 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{66d1d379-0fae-11e3-ad11-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms [2013/08/28 09:16:16 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{66d1d379-0fae-11e3-ad11-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms [2013/09/30 21:59:44 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{906e8832-29bc-11e3-a19d-e840f2a6c382}.TM.blf [2013/09/30 21:59:44 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{906e8832-29bc-11e3-a19d-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms [2013/09/30 21:59:44 | 000,524,288 | -HS- | M] () -- 
C:\Users\patsong\ntuser.dat{906e8832-29bc-11e3-a19d-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms [2013/08/02 00:06:33 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{9c89b6ec-faed-11e2-8b49-e840f2a6c382}.TM.blf [2013/08/02 00:06:33 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{9c89b6ec-faed-11e2-8b49-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms [2013/08/02 00:06:33 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{9c89b6ec-faed-11e2-8b49-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms [2013/03/03 00:24:31 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{fb0f5ee6-82f7-11e2-b1c7-e840f2a6c382}.TM.blf [2013/03/03 00:24:31 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{fb0f5ee6-82f7-11e2-b1c7-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms [2013/03/03 00:24:31 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{fb0f5ee6-82f7-11e2-b1c7-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms [2013/01/08 19:53:00 | 000,000,020 | -HS- | M] () -- C:\Users\patsong\ntuser.ini [2013/05/01 10:42:12 | 000,012,539 | ---- | M] () -- C:\Users\patsong\While My Guitar Gently Weeps.docx [color=#A23BEC]< %Userprofile%\*. 
>[/color] [2013/09/30 15:25:56 | 000,000,000 | -H-D | M] -- C:\Users\patsong\AppData [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Application Data [2013/04/06 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\patsong\chez NINE [2013/06/23 08:19:45 | 000,000,000 | ---D | M] -- C:\Users\patsong\chez nini [2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Contacts [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Cookies [2013/10/01 11:53:15 | 000,000,000 | R--D | M] -- C:\Users\patsong\Desktop [2013/09/19 19:20:13 | 000,000,000 | R--D | M] -- C:\Users\patsong\Documents [2013/10/01 19:25:44 | 000,000,000 | R--D | M] -- C:\Users\patsong\Downloads [2013/09/20 12:29:21 | 000,000,000 | R--D | M] -- C:\Users\patsong\Favorites [2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Links [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Local Settings [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Menu Démarrer [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Mes documents [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Modèles [2013/09/30 15:26:48 | 000,000,000 | R--D | M] -- C:\Users\patsong\Music [2013/10/01 11:36:43 | 000,000,000 | R--D | M] -- C:\Users\patsong\Pictures [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Recent [2013/09/12 21:06:05 | 000,000,000 | R--D | M] -- C:\Users\patsong\Saved Games [2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Searches [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\SendTo [2013/02/05 21:45:03 | 000,000,000 | R--D | M] -- C:\Users\patsong\SkyDrive [2013/05/28 19:22:00 | 000,000,000 | ---D | M] -- C:\Users\patsong\Tracing [2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Videos [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Voisinage d'impression [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- 
C:\Users\patsong\Voisinage réseau [color=#A23BEC]< %Allusersprofile%\* >[/color] [color=#A23BEC]< %Allusersprofile%\*. >[/color] [2013/03/19 13:31:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Absolutist [2013/02/01 17:16:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer [2013/09/30 15:23:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2013/08/01 23:14:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2013/09/14 22:33:11 | 000,000,000 | ---D | M] -- C:\ProgramData\AstralaxWrapper [2013/01/09 19:28:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira [2013/10/01 12:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish [2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau [2013/09/28 14:56:58 | 000,000,000 | ---D | M] -- C:\ProgramData\casualArts [2013/01/11 22:52:56 | 000,000,000 | ---D | M] -- C:\ProgramData\cerasus.media [2013/09/20 15:58:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Crown [2013/05/02 00:12:56 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2013/09/23 12:39:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Elephant Games [2012/11/13 17:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Evernote [2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2013/09/18 11:35:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Flood Light Games [2013/06/18 19:37:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Floodlight Games [2013/01/16 18:59:03 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames [2012/11/13 17:24:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Fooz Kids [2013/09/16 14:59:53 | 000,000,000 | ---D | M] -- C:\ProgramData\GestaltGames [2013/09/17 23:42:32 | 000,000,000 | ---D | M] -- 
C:\ProgramData\Google [2013/10/01 16:29:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Google Updater [2012/11/13 17:06:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel [2013/01/09 18:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer [2013/03/16 14:03:32 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2013/09/13 23:55:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2013/02/05 21:44:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft SkyDrive [2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles [2013/03/02 16:06:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2013/08/31 15:01:50 | 000,000,000 | ---D | M] -- C:\ProgramData\MumboJumbo [2011/10/21 11:53:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero [2013/01/09 19:29:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton [2011/10/21 11:57:07 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller [2013/01/08 19:54:45 | 000,000,000 | ---D | M] -- C:\ProgramData\oem [2013/09/30 15:23:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Orange [2011/10/21 11:41:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Packard Bell [2013/03/10 23:01:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Particles [2013/09/05 11:17:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Playrix Entertainment [2013/09/14 20:24:14 | 000,000,000 | ---D | M] -- C:\ProgramData\PoBros [2013/05/09 22:55:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Publisher [2013/08/12 12:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2013/09/20 18:45:16 | 000,000,000 | ---D | M] -- C:\ProgramData\SulusGames [2013/05/02 00:35:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2013/10/01 18:20:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2013/03/18 17:41:03 
| 000,000,000 | ---D | M] -- C:\ProgramData\TERMINAL Studio [2013/01/09 19:58:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications [2013/09/30 15:26:36 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent [2013/09/11 18:12:42 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangentUninstall724775 [color=#A23BEC]< %LocalAppData%\* >[/color] [2013/08/27 12:28:33 | 000,107,575 | ---- | M] () -- C:\Users\patsong\AppData\Local\ars.cache [2013/08/27 12:28:37 | 000,234,461 | ---- | M] () -- C:\Users\patsong\AppData\Local\census.cache [2013/03/16 13:47:23 | 000,003,584 | ---- | M] () -- C:\Users\patsong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/09/18 08:37:50 | 000,117,224 | ---- | M] () -- C:\Users\patsong\AppData\Local\GDIPFONTCACHEV1.DAT [2013/08/27 12:06:00 | 000,000,036 | ---- | M] () -- C:\Users\patsong\AppData\Local\housecall.guid.cache [2013/10/01 08:53:55 | 002,771,160 | -H-- | M] () -- C:\Users\patsong\AppData\Local\IconCache.db [2013/09/30 10:48:30 | 000,007,618 | ---- | M] () -- C:\Users\patsong\AppData\Local\Resmon.ResmonCfg [color=#A23BEC]< %LocalAppData%\*. 
>[/color] [2013/09/08 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Adobe [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\AppData\Local\Application Data [2013/01/08 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Apps [2013/08/28 14:27:53 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\avgchrome [2013/10/01 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Big Fish [2013/08/02 07:43:08 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Chronicles of Albian 2 [2013/03/02 15:59:02 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Citrix [2013/09/30 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\CrashDumps [2013/05/02 00:12:21 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Cyberlink [2013/03/02 15:59:01 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Deployment [2013/09/30 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Diagnostics [2013/10/01 11:53:35 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\ElevatedDiagnostics [2013/02/15 14:55:00 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Evernote [2013/09/19 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Google [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\AppData\Local\Historique [2013/02/11 15:23:58 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\JollyBear [2013/07/22 10:08:09 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Microsoft [2013/05/28 19:19:29 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Microsoft Games [2013/02/15 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Microsoft Help [2013/03/02 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Mozilla [2013/03/24 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Murder on the Titanic [2013/03/03 12:25:41 | 000,000,000 | 
---D | M] -- C:\Users\patsong\AppData\Local\Orange [2013/01/09 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Programs [2013/01/08 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\SoftGrid Client [2013/04/14 22:51:56 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Tales of Lagoona [2013/10/01 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Temp [2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\AppData\Local\Temporary Internet Files [2013/08/13 08:53:48 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\VirtualStore [2013/09/11 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Wildtangent [2013/09/29 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Windows Live [2013/01/16 23:56:03 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Windows Live Writer [color=#A23BEC]< %Userprofile%\Local Settings\Application Data\* >[/color] [color=#A23BEC]< %Userprofile%\Local Settings\Application Data\*. >[/color] [color=#A23BEC]< %programFiles%\* >[/color] [2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [color=#A23BEC]< %programfiles%\Google\Desktop\Install /s >[/color] [color=#A23BEC]< %programFiles%\*. 
>[/color] [2013/09/30 18:37:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2013/01/09 19:28:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira [2013/10/01 12:01:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\bfgclient [2013/08/28 19:40:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BoontyGames [2013/08/28 09:03:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2011/10/21 11:59:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink [2012/11/13 17:15:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote [2013/09/23 09:58:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software [2013/09/18 08:25:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google [2013/08/28 09:03:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUMEFFA.tmp [2012/11/13 17:24:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2012/11/13 17:10:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel [2013/09/11 18:24:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2013/01/08 20:06:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Inventel [2013/05/02 00:34:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2013/04/09 13:58:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jeux.fr [2013/04/18 09:16:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/15 19:30:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft [2013/03/29 16:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2013/07/16 09:04:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight [2013/02/05 21:45:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SkyDrive [2013/02/15 19:01:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013/03/16 14:03:47 | 000,000,000 | ---D | M] -- C:\Program Files 
(x86)\Microsoft Visual Studio [2013/03/16 14:01:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013/03/16 23:23:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works [2013/05/27 13:34:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA [2013/05/27 13:32:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2013/04/07 11:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2013/03/16 14:03:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2013/03/16 13:02:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache [2013/01/15 14:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0 [2011/10/21 11:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero [2013/04/27 16:06:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation [2013/05/02 22:01:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3 [2013/09/18 08:46:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Orange [2012/11/13 17:30:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Packard Bell [2013/04/08 22:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade [2012/11/13 17:11:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek [2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2013/01/08 22:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Securitoo [2013/09/30 21:41:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shades of Death - Le Roi des Ombres [2013/08/12 12:54:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype [2012/11/13 17:12:08 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp [2009/07/14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2013/03/03 12:26:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wanadoo [2013/09/30 21:55:08 | 000,000,000 | ---D | M] -- C:\Program 
Files (x86)\Web of Deceit - La Veuve Noire [2013/09/30 15:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames [2013/09/11 14:23:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent [2013/09/11 18:37:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games [2013/07/16 09:05:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2013/07/22 10:21:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live [2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer [2010/11/21 05:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar [color=#A23BEC]< %Systemroot%\Installer\*. 
>[/color] [2011/10/21 11:40:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$ [2013/04/27 15:56:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI217E.tmp- [2013/08/28 14:25:04 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI27B2.tmp- [2013/04/27 15:56:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI2FA3.tmp- [2013/08/28 14:25:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI33C5.tmp- [2013/04/27 15:57:01 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI3A21.tmp- [2013/08/28 14:25:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI3E14.tmp- [2013/08/28 14:24:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSIA21.tmp- [2013/08/28 14:24:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSIF1BE.tmp- [2013/08/28 14:24:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSIFAD3.tmp- [2011/10/21 11:53:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{08C8666B-C502-4AB3-B4CB-D74AC42D14FE} [2011/10/21 11:52:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F} [2013/06/26 09:05:52 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83217025FF} [2013/03/16 13:00:21 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE} [2013/05/27 13:34:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} [2011/10/21 11:53:32 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{33643918-7957-4839-92C7-EA96CB621A98} [2013/08/12 12:54:10 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} [2011/10/21 11:53:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{523B2B1B-D8DB-4B41-90FF-C4D799E2758A} [2013/02/05 21:47:02 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5F611ADA-B98C-4DBB-ADDE-414F08457ECF} [2013/08/29 19:53:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726} [2011/10/21 11:55:31 | 000,000,000 | ---D | M] -- 
C:\Windows\Installer\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86} [2011/10/21 11:53:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} [2011/10/21 11:52:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{68AFA3A7-9265-4ABD-994A-ACA413E3715C} [2011/10/21 11:52:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38} [2013/05/02 22:01:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{7DA1C06F-C913-46C7-8A0F-DA2CBA17EA1D} [2013/01/15 14:03:11 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} [2013/07/16 00:15:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2013/09/13 23:55:02 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE} [2013/03/16 14:03:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-002A-0000-1000-0000000FF1CE} [2013/03/16 23:22:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-006E-040C-0000-0000000FF1CE} [2011/10/21 11:53:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{92E25238-61A3-4ACD-A407-3C480EEF47A7} [2013/09/13 23:54:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{95120000-003F-040C-0000-0000000FF1CE} [2013/02/05 22:31:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{97C79BEC-43F7-4BD8-A6A7-85C0257E488A} [2013/04/27 16:05:57 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C} [2013/05/10 22:50:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61} [2011/10/21 11:55:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C18A0418-442A-4186-AF98-D08F5054A2FC} [2013/03/06 16:54:00 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D6D4646B-BDBA-4EBC-BFDD-8F880F8B6A03} [2013/04/27 16:06:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DEA314C4-0929-4250-BC92-98E4C105F28D} [2011/10/21 11:53:21 | 000,000,000 | ---D | M] -- 
C:\Windows\Installer\{E337E787-CF61-4B7B-B84F-509202A54023} [2011/10/21 12:00:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E3739848-5329-48E3-8D28-5BBD6E8BE384} [2013/01/22 19:15:34 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EB4DF488-AAEF-406F-A341-CB2AAA315B90} [2013/01/22 19:15:38 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} [2013/02/05 21:47:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F2235E5E-7881-4293-9B6F-04B2609FBFF0} [2011/10/21 11:55:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F6117F9C-ADB5-4590-9BE4-12C7BEC28702} [2011/10/21 11:55:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65} [2013/01/15 14:03:19 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} [color=#A23BEC]< %Systemroot%\Temp\*.exe /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2013/08/10 05:58:05 | 013,761,024 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\ieframe.dll [2013/05/01 03:04:00 | 000,117,248 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\iepeers.dll [color=#A23BEC]< %systemroot%\system32\*.exe /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\*.in* >[/color] [2013/05/01 03:03:59 | 000,025,185 | ---- | M] () -- C:\Windows\system32\ieuinit.inf [2013/07/22 10:21:58 | 000,001,729 | ---- | M] () -- C:\Windows\system32\InstallUtil.InstallLog [2009/07/14 06:55:01 | 000,000,535 | ---- | M] () -- C:\Windows\system32\mapisvc.inf [2013/01/10 21:58:35 | 001,577,122 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI [color=#A23BEC]< %systemroot%\Tasks\* >[/color] [2013/10/01 18:40:00 | 000,001,002 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013/10/01 16:29:30 | 000,001,014 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job [2013/10/01 08:54:39 | 000,001,066 | ---- | M] () 
-- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013/10/01 18:36:00 | 000,001,070 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013/10/01 08:54:36 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2013/08/15 18:35:14 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#A23BEC]< %systemroot%\Tasks\*. >[/color] [color=#A23BEC]< %systemroot%\system32\Tasks\* >[/color] [color=#A23BEC]< %systemroot%\system32\Tasks\*. >[/color] [2009/07/14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\Microsoft [color=#A23BEC]< %systemroot%\system32\drivers\*.sy* /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\config\*.exe /s >[/color] [color=#A23BEC]< %Systemroot%\ServiceProfiles\*.exe /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.sys >[/color] [2009/08/24 14:22:58 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\system32\pcampr5.sys [2009/08/24 14:22:58 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\Windows\system32\pcandis5.sys [color=#A23BEC]< dir %Homedrive%\* /S /A:L /C >[/color] Le volume dans le lecteur C s'appelle Packard Bell Le numéro de série du volume est 424F-DA4B Répertoire de C:\ 14/07/2009 07:08 Documents and Settings [C:\Users] 0 fichier(s) 0 octets Répertoire de C:\Program Files 08/01/2013 19:52 Fichiers communs [C:\Program Files\Common Files] 0 fichier(s) 0 octets Répertoire de C:\Program Files\Windows NT 08/01/2013 19:52 Accessoires [C:\Program Files\Windows NT\Accessories] 0 fichier(s) 0 octets Répertoire de C:\ProgramData 14/07/2009 07:08 Application Data [C:\ProgramData] 08/01/2013 19:52 Bureau [C:\Users\Public\Desktop] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 08/01/2013 19:52 Favoris [C:\Users\Public\Favorites] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 08/01/2013 19:52 Menu Démarrer [C:\ProgramData\Microsoft\Windows\Start Menu] 08/01/2013 19:52 Modèles [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 fichier(s) 0 octets Répertoire de C:\ProgramData\Microsoft\Windows\Start Menu 08/01/2013 19:52 Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 fichier(s) 0 octets Répertoire de C:\Users 14/07/2009 07:08 All Users [C:\ProgramData] 14/07/2009 07:08 Default User [C:\Users\Default] 0 fichier(s) 0 octets Répertoire de C:\Users\All Users 14/07/2009 07:08 Application Data [C:\ProgramData] 08/01/2013 19:52 Bureau [C:\Users\Public\Desktop] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 08/01/2013 19:52 Favoris [C:\Users\Public\Favorites] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 08/01/2013 19:52 Menu Démarrer [C:\ProgramData\Microsoft\Windows\Start Menu] 08/01/2013 19:52 Modèles [C:\ProgramData\Microsoft\Windows\Templates] 
14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 fichier(s) 0 octets Répertoire de C:\Users\All Users\Microsoft\Windows\Start Menu 08/01/2013 19:52 Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 fichier(s) 0 octets Répertoire de C:\Users\Default 14/07/2009 07:08 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 07:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14/07/2009 07:08 Local Settings [C:\Users\Default\AppData\Local] 08/01/2013 19:52 Menu Démarrer [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 08/01/2013 19:52 Mes documents [C:\Users\Default\Documents] 08/01/2013 19:52 Modèles [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14/07/2009 07:08 My Documents [C:\Users\Default\Documents] 14/07/2009 07:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14/07/2009 07:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 07:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 07:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14/07/2009 07:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 08/01/2013 19:52 Voisinage d'impression [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 08/01/2013 19:52 Voisinage réseau [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 0 fichier(s) 0 octets Répertoire de C:\Users\Default\AppData\Local 14/07/2009 07:08 Application Data [C:\Users\Default\AppData\Local] 08/01/2013 19:52 Historique [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 07:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 07:08 Temporary Internet Files 
[C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 fichier(s) 0 octets Répertoire de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 08/01/2013 19:52 Programmes [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 fichier(s) 0 octets Répertoire de C:\Users\Default\Documents 08/01/2013 19:52 Ma musique [C:\Users\Default\Music] 08/01/2013 19:52 Mes images [C:\Users\Default\Pictures] 08/01/2013 19:52 Mes vidéos [C:\Users\Default\Videos] 14/07/2009 07:08 My Music [C:\Users\Default\Music] 14/07/2009 07:08 My Pictures [C:\Users\Default\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Default\Videos] 0 fichier(s) 0 octets Répertoire de C:\Users\patsong 08/01/2013 19:53 Application Data [C:\Users\patsong\AppData\Roaming] 08/01/2013 19:53 Cookies [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Cookies] 08/01/2013 19:53 Local Settings [C:\Users\patsong\AppData\Local] 08/01/2013 19:53 Menu Démarrer [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu] 08/01/2013 19:53 Mes documents [C:\Users\patsong\Documents] 08/01/2013 19:53 Modèles [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Templates] 08/01/2013 19:53 Recent [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Recent] 08/01/2013 19:53 SendTo [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\SendTo] 08/01/2013 19:53 Voisinage d'impression [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 08/01/2013 19:53 Voisinage réseau [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 0 fichier(s) 0 octets Répertoire de C:\Users\patsong\AppData\Local 08/01/2013 19:53 Application Data [C:\Users\patsong\AppData\Local] 08/01/2013 19:53 Historique [C:\Users\patsong\AppData\Local\Microsoft\Windows\History] 08/01/2013 19:53 Temporary Internet Files [C:\Users\patsong\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 fichier(s) 0 octets Répertoire de C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu 
08/01/2013 19:53 Programmes [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 fichier(s) 0 octets Répertoire de C:\Users\patsong\Documents 08/01/2013 19:53 Ma musique [C:\Users\patsong\Music] 08/01/2013 19:53 Mes images [C:\Users\patsong\Pictures] 08/01/2013 19:53 Mes vidéos [C:\Users\patsong\Videos] 0 fichier(s) 0 octets Répertoire de C:\Users\Public\Documents 08/01/2013 19:52 Ma musique [C:\Users\Public\Music] 08/01/2013 19:52 Mes images [C:\Users\Public\Pictures] 08/01/2013 19:52 Mes vidéos [C:\Users\Public\Videos] 14/07/2009 07:08 My Music [C:\Users\Public\Music] 14/07/2009 07:08 My Pictures [C:\Users\Public\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Public\Videos] 0 fichier(s) 0 octets Total des fichiers listés : 0 fichier(s) 0 octets 76 Rép(s) 427 273 809 920 octets libres [color=#A23BEC]< MD5 for: AFD.SYS >[/color] [2011/12/28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys [2011/12/28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys [2011/12/28 06:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys [2010/11/21 05:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011/07/14 07:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011/07/14 07:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) 
MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys [2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys [2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- 
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/07/14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/07/14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/07/14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/07/14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/07/14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/07/14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color] [2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- 
C:\Windows\SysNative\drivers\i8042prt.sys [2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys [2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys [2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys [2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2012/08/22 20:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys [2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys [2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys [2010/11/21 05:23:55 | 000,951,680 | ---- | M] (Microsoft 
Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [color=#A23BEC]< MD5 for: NETBT.SYS >[/color] [2010/11/21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys [2010/11/21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys [color=#A23BEC]< MD5 for: TDX.SYS >[/color] [2010/11/21 05:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys [2010/11/21 05:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys [2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys [2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [color=#A23BEC]< >[/color] [color=#A23BEC]< >[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2013/10/01 13:33:30 | 098,609,238 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᩚ‹ [2013/10/01 13:33:30 | 098,609,238 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᩚ‹ [2013/09/22 18:04:38 | 098,597,466 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\墾傛¢ [2013/09/22 18:04:38 | 098,597,466 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\墾傛¢ [2013/09/20 09:34:58 | 098,453,713 | ---- | M] ()(C:\Windows\SysWow64\???#) -- C:\Windows\SysWow64\꣔쭃# [2013/09/20 09:34:58 | 098,453,713 | ---- | C] ()(C:\Windows\SysWow64\???#) -- C:\Windows\SysWow64\꣔쭃# [2013/09/15 07:11:53 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\?u??) -- C:\Windows\SysWow64\ᑜu” [2013/09/15 07:11:53 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\?u??) 
-- C:\Windows\SysWow64\ᑜu” [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB @Alternate Data Stream - 401 bytes -> C:\ProgramData\Temp:9F6AB9FA @Alternate Data Stream - 384 bytes -> C:\ProgramData\Temp:831B2461 @Alternate Data Stream - 381 bytes -> C:\ProgramData\Temp:9344C1D9 @Alternate Data Stream - 372 bytes -> C:\ProgramData\Temp:85C5C53E @Alternate Data Stream - 370 bytes -> C:\ProgramData\Temp:A6A0269E @Alternate Data Stream - 365 bytes -> C:\ProgramData\Temp:90E02BAB @Alternate Data Stream - 362 bytes -> C:\ProgramData\Temp:2C515259 @Alternate Data Stream - 358 bytes -> C:\ProgramData\Temp:CF52839E @Alternate Data Stream - 356 bytes -> C:\ProgramData\Temp:7898E5D2 @Alternate Data Stream - 354 bytes -> C:\ProgramData\Temp:FB208757 @Alternate Data Stream - 353 bytes -> C:\ProgramData\Temp:A757EEE2 @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:C5D15631 @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:5C42F64A @Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:97427454 @Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:0F64164E @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:C5340FA1 @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:7D04F8E2 @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:6E65510A @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:282CE153 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:ADEBE9CA @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:EC752217 @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:7FD60FAD @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:69F562A6 @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:49EB69E2 @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:460638C7 @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB5AA1E6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:31C9BA96 @Alternate Data Stream - 149 
bytes -> C:\ProgramData\Temp:9A88B65D @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9338F136 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:7BB20DE8 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:6AF6BB0E @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:66F7E5A9 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:26991AB9 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EA10407C @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C0893153 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:B139DDF3 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:B0EA26E5 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:902C848D @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:8FC1A8C4 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:8AE92FD3 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:7D9B1030 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:53F09A92 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:401CAF8F @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2F5A06FD @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2A874675 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1E87A273 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:D987CB43 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:9836B5E4 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8F6B75BF @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8751B175 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:2B9555D8 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:0C9E06A2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:59465B40 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:32289BE8 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CE3AADB7 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B4530133 @Alternate Data 
Stream - 145 bytes -> C:\ProgramData\Temp:AC9F291E @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:922DA2DB @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:88FB7F72 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:607A99D7 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4EFA2FC7 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:44712999 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3B71586E @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3241739E @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:E94FA418 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:E402E439 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:86B7FDDB @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:398D2775 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:114C90CA @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:0B79AB8D @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E8CB831A @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:841E0E1B @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:54403233 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:371060CE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:18A25CF1 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:104A1C3E @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E40D7F76 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D7D0B4AF @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D1FE35E7 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:CA7E8F16 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6B07419 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:6FF14C72 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:67CF910D @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:491270B8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3ADE134E 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:2339C9FD @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:120E44A4 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0CEE6109 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:02CC0035 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E517FE76 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B5FD4AA1 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A7C40691 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9EDA68BD @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:80FA23CA @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:67E674B0 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4E79C4F8 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4A8EB1C4 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:345A9A38 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0ED1C542 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:092BD83A @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:072CBE6D @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A9562832 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A1FD5369 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:8318A814 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:67A91473 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5CE91C67 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2E928E6E @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:23834E1E @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:17EB5BAE @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:12D9D48F @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EF0F3F33 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B6D84F71 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:85EA4795 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3651A580 @Alternate Data Stream - 138 bytes -> 
C:\ProgramData\Temp:F41E22A9 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBF0842B @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:B6E6C4EA @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AAA06E15 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A6FE7BCC @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:96372A73 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:6757F885 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:641A21EA @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5A5477A9 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:19474103 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:09629F6E @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:F817E159 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C2E091F5 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C0BCE04B @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B0A727D1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A819A132 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:9254F782 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:8FC568E1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:65484F45 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:60E755E6 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:48D6EA0F @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3480F458 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:16A4620C @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:FBA79096 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BD50071F @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BACC4A79 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:AE8FDB48 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:AB0A5A80 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6212DF7A @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:366EFA1A @Alternate Data Stream - 
136 bytes -> C:\ProgramData\Temp:254AD2ED @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:10B970A9 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:02172F27 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:94B25DF5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:8075370B @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:37C279BE @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:32AE8659 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2AD33723 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:206470A5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:120B3AFD @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F1174C93 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EE2DD6CC @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D434342F @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CB3667AF @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B61767F5 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B3196E8D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AD179392 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:952245B1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:759B7D6F @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5D570144 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:40DA0795 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CCD8056E @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C0D23A2F @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:92CA7E75 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:79875988 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3969ACF7 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:33B04540 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2F7C40B6 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:12D21A9A @Alternate 
Data Stream - 133 bytes -> C:\ProgramData\Temp:041C0562 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EE445D7C @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EDB03249 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C7F08EA3 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BDDA21B6 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8DBCF585 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:84C34762 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5A068EE1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:244E4E3A @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0E5CFA74 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0E22C5DB @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F8C2E3B9 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F7BF538D @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:EDE28CFC @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CC141B05 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C368C9EA @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BF6C4AAC @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AFC732F7 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:95D421DF @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8A620099 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB584AA @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:59A6876B @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D348522 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:32A82570 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:195E8317 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0BACBDD9 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CE506F23 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:927EC486 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8B4C1181 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:762408BA 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:71AEFFEB @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5ACE199E @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4A5CFD3B @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:46283136 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1999DD0A @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:0C1258F3 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FD4C7AD3 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F1175E1D @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C89D1773 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C5E2BAEE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:997DA6D7 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7BE5BAAB @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:678C1866 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4EC7F009 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:3DB6F365 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:3BC173E4 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DE875C30 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C48A983C @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A6E01F67 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A5584049 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9968F0E2 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7EB93F0E @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:76682252 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4577F5B4 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0785072C @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:04EAB86F @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:04BC9A2C @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D4558A0B @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C0A9B815 @Alternate Data Stream - 127 bytes -> 
C:\ProgramData\Temp:6BEADDC0 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:639BB5E9 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:596E2371 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:59540531 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5539129F @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:036AA5DD @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E5496666 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E2C51D18 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1D06077 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:DF7A2D3E @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D254266B @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B2CCDB69 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9ABA3FF @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:57DFBE4E @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4DDE401B @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3ABC38E6 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FD7DCDA6 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FD786DCA @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EB4FEEF5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B21F2857 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A13B696A @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9524D821 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:574F975B @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:14A1BBE3 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F3EFA8A8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EF0BD3A1 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E4EE99EF @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E265ED33 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D4DD372D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:BA05E0C4 @Alternate Data Stream - 
124 bytes -> C:\ProgramData\Temp:A745DB5D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A02025CE @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9E3D44B7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9C3AAD57 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8866C899 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4C528C86 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3D1D487A @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:30E0D641 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1B389835 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E11D90D0 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:BEACE4C8 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A76A1B1B @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:5EFEB6A1 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:569CEE83 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:53DF4438 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3D922890 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3815BC84 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:268BA8AB @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F49868C8 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F2E92DCD @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B504E4C2 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2F947175 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:183A9046 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C8207070 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:315B4A13 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:1234ADAE @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C76CFF82 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C669F3E1 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:9E05DEB0 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:89CF6F9C @Alternate 
Data Stream - 120 bytes -> C:\ProgramData\Temp:834DD57E @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:1DB77A89 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:03A039A3 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F135A76C @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EDF12A30 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EC855C73 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:961B84C5 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7D938C9B @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:709E81D4 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:51E66512 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1FA4C06F @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:18B241CC @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1604D047 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EB68CA55 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E153075C @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A391510C @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9E9A3410 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:72A1B66A @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:57176330 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4C9782FB @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3E8A3E87 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1A8FDBA3 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0E10B960 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:77B64C59 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:4DCAC4BC @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EE69D7DF @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:C9B27A06 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4F8B72C9 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:0F38B460 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AED33A42 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:9BAC4211 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:96AFAB10 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:45F3AD49 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A5822A3 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:D92485C9 @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:3D36932D @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:AD2DB2F9 @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:7B2BB690 < End of report >