cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 23/09/2013 20:11:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bourville\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,55% Memory free
6,19 Gb Paging File | 5,02 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 341,82 Gb Total Space | 220,87 Gb Free Space | 64,62% Space Free | Partition Type: NTFS
Drive D: | 341,82 Gb Total Space | 341,22 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive L: | 1,94 Gb Total Space | 0,14 Gb Free Space | 7,34% Space Free | Partition Type: FAT32

Computer Name: PC-DE-BOURVILLE | User Name: bourville | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\bourville\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\bourville\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome_frame_helper.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\cspep\cspep.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\winlogon.exe ()
PRC - C:\Windows\M13616\smss.exe ()
PRC - C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\service.exe ()
PRC - C:\Windows\M13616\EmangEloh.exe ()


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\cspep\cspep.exe ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\winlogon.exe ()
MOD - C:\Windows\M13616\smss.exe ()
MOD - C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\service.exe ()
MOD - C:\Windows\M13616\EmangEloh.exe ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (CyberLink Media Server Service) -- C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (CyberLink Media Server Monitor Service) -- C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a8p6t40o) -- File not found
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1006&m=aspire_x3810
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1006&m=aspire_x3810
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://fr.msn.com/?pc=UP21&ocid=UP21DHP&dt=122912
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=122912&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{968C0755-69D3-465D-99FD-6762B514D20A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_frFR345
IE - HKCU\..\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}: "URL" = http://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\BOURVI~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\bourville\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\bourville\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:

[2013/09/19 15:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bourville\AppData\Roaming\mozilla\Firefox\extensions
[2013/09/19 15:56:11 | 000,000,000 | ---D | M] (01NET.com V1) -- C:\Users\bourville\AppData\Roaming\mozilla\Firefox\extensions\{e4f7b179-a3f6-47d8-9832-cb7b2627312a}
[2013/09/15 11:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: SearchGol (Enabled)
CHR - default_search_provider: search_url = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C826001F16F07FF0&affID=119557&tt=160913_c1&tsp=5014
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\bourville\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\bourville\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\bourville\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\bourville\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\BOURVI~1\AppData\LocalLow\POWERC~1\nppowerloader.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\bourville\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\bourville\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\bourville\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [tuto4pc_fr_62] File not found
O4 - HKCU..\Run: [ChromeFrameHelper] C:\Users\bourville\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome_frame_helper.exe (Google Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Firewall Administrating] C:\Windows\infocard.exe File not found
O4 - HKCU..\Run: [Seeteb] C:\Users\bourville\AppData\Roaming\Kocyma\ypuw.exe (Acronis)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [T1136055TT4] C:\Windows\System32\805165423741l.exe ()
O4 - HKCU..\Run: [Tok-Cirrhatus-2817] C:\Users\bourville\AppData\Local\br6657on.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [cspep.exe] C:\Program Files\cspep\cspep.exe ()
O4 - Startup: C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sql.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\bourville\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\bourville\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5F6525C-C16E-4118-A87B-BAE329F1E413}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\261673~1.238\{c16c1~1\bitguard.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bourville\AppData\Roaming\Microsoft\Windows Photo Gallery\meliina.jpg
O24 - Desktop BackupWallPaper: C:\Users\bourville\AppData\Roaming\Microsoft\Windows Photo Gallery\meliina.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1fed8d01-584f-11db-9f8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1fed8d01-584f-11db-9f8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\EXATEST.EXE
O33 - MountPoints2\{2c449705-355a-11e0-9f03-001f16f07ff0}\Shell - "" = AutoRun
O33 - MountPoints2\{2c449705-355a-11e0-9f03-001f16f07ff0}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{58272bbe-e10d-11de-9319-001f16f07ff0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIUoM.eXE
O33 - MountPoints2\{89562f94-1f59-11e0-9888-001f16f07ff0}\Shell\Auto\command - "" = G:\launcher.exe
O33 - MountPoints2\{89562f94-1f59-11e0-9888-001f16f07ff0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\launcher.exe
O33 - MountPoints2\{b69cc25f-383c-11df-a903-001f16f07ff0}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{b69cc25f-383c-11df-a903-001f16f07ff0}\Shell\open\Command - "" = s1.exe
O33 - MountPoints2\{d1937b2c-3e74-11df-b028-001f16f07ff0}\Shell\AutoRun\command - "" = F:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


ActiveX: {03AF0349-FFB7-AD40-D04E-B3CFC8D8F033} - Internet Explorer
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6F58690C-2F98-A54D-4352-65D41D06255F} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E021906F-573B-5D23-9335-779A5326E8F7} - Microsoft Windows Media Player 11.0
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/09/23 20:08:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bourville\Desktop\OTL.exe
[2013/09/23 18:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2013/09/23 18:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/09/23 18:36:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\{userappdata}
[2013/09/23 18:30:57 | 000,000,000 | ---D | C] -- C:\Users\bourville\AppData\Roaming\ZHP
[2013/09/23 18:21:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/23 18:21:20 | 001,030,038 | ---- | C] (Thisisu) -- C:\Users\bourville\Desktop\JRT.exe
[2013/09/20 18:13:42 | 000,000,000 | ---D | C] -- C:\Users\bourville\AppData\Roaming\UsbFix
[2013/09/20 17:45:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/20 17:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2013/09/19 16:02:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\bourville\Desktop\HijackThis.exe
[2013/09/19 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\bourville\AppData\Roaming\Mozilla
[2013/09/16 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\bourville\{2d71e94b-9f64-461a-ba9d-63b390a00038}
[2013/09/16 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/09/16 19:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/09/16 19:00:51 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/09/15 11:55:30 | 000,000,000 | ---D | C] -- C:\Users\bourville\AppData\Local\avgchrome
[2013/09/15 11:55:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013/09/15 11:55:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013/09/15 11:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/15 11:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed with 24x7 Help
[2013/09/15 11:54:08 | 087,042,456 | ---- | C] (Apple Inc.) -- C:\Users\bourville\Desktop\iTunesSetup.exe
[2013/09/02 11:59:29 | 000,000,000 | RHSD | C] -- C:\Windows\M13616
[2013/09/02 11:59:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\X38112go
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[13 C:\Users\bourville\AppData\Local\*.tmp files -> C:\Users\bourville\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/09/23 20:13:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/23 20:09:09 | 000,006,836 | ---- | M] () -- C:\Users\bourville\AppData\Local\d3d9caps.dat
[2013/09/23 20:08:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bourville\Desktop\OTL.exe
[2013/09/23 20:02:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/23 20:02:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/23 20:02:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/23 20:02:28 | 3220,361,216 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/23 19:02:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1576837919-3474246870-21099282-1000UA.job
[2013/09/23 18:21:09 | 001,030,038 | ---- | M] (Thisisu) -- C:\Users\bourville\Desktop\JRT.exe
[2013/09/23 17:02:03 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1576837919-3474246870-21099282-1000Core.job
[2013/09/19 16:02:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\bourville\Desktop\HijackThis.exe
[2013/09/19 15:55:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/09/19 15:55:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/09/16 15:46:14 | 000,000,661 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/09/15 12:01:00 | 087,042,456 | ---- | M] (Apple Inc.) -- C:\Users\bourville\Desktop\iTunesSetup.exe
[2013/09/15 11:54:37 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Optimisez votre PC.lnk
[2013/09/13 19:07:24 | 000,000,552 | ---- | M] () -- C:\Users\bourville\AppData\Local\d3d8caps.dat
[2013/09/13 10:35:54 | 000,357,525 | ---- | M] () -- C:\Users\bourville\Desktop\Anais Cv 2.odt
[2013/09/11 20:08:16 | 215,695,363 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/09 13:37:41 | 000,014,037 | ---- | M] () -- C:\Users\bourville\Desktop\Lettre de motivation vente.odt
[2013/09/09 10:54:24 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013/09/09 10:54:24 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013/09/09 10:54:24 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013/09/09 10:54:24 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013/09/09 10:54:24 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013/09/06 10:11:16 | 000,002,068 | ---- | M] () -- C:\Users\bourville\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/06 10:11:16 | 000,002,066 | ---- | M] () -- C:\Users\bourville\Desktop\Google Chrome.lnk
[2013/09/02 11:53:46 | 000,000,177 | ---- | M] () -- C:\Users\bourville\AppData\Local\JunkAtx.bin
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[13 C:\Users\bourville\AppData\Local\*.tmp files -> C:\Users\bourville\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/09/23 20:13:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/23 18:36:07 | 000,001,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHPDiag.lnk
[2013/09/19 15:55:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/09/19 15:55:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/09/16 15:46:07 | 000,000,661 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/09/15 11:54:37 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Optimisez votre PC.lnk
[2013/09/13 19:07:24 | 000,000,552 | ---- | C] () -- C:\Users\bourville\AppData\Local\d3d8caps.dat
[2013/09/02 11:59:30 | 000,035,840 | -HS- | C] () -- C:\Windows\Ti423741ta.exe
[2013/09/02 11:59:30 | 000,035,840 | -HS- | C] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sql.cmd
[2013/09/02 11:59:30 | 000,035,840 | -HS- | C] () -- C:\Windows\sa-533055.exe
[2013/09/02 11:59:30 | 000,035,840 | -HS- | C] () -- C:\Windows\System32\805165423741l.exe
[2013/09/02 11:44:51 | 000,000,177 | ---- | C] () -- C:\Users\bourville\AppData\Local\JunkAtx.bin
[2013/02/13 17:30:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/02/13 17:30:25 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/02/13 17:30:25 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/02/13 17:30:25 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/02/13 17:30:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\winlogon.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\svchost.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\smss.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\services.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\lsass.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\inetinfo.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\csrss.exe
[2010/12/06 15:43:24 | 000,045,456 | ---- | C] () -- C:\Users\bourville\AppData\Local\br6657on.exe
[2010/07/10 14:20:37 | 000,000,144 | ---- | C] () -- C:\Users\bourville\AppData\Roaming\wklnhst.dat
[2009/09/20 15:32:57 | 000,171,008 | ---- | C] () -- C:\Users\bourville\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/20 15:11:25 | 000,006,836 | ---- | C] () -- C:\Users\bourville\AppData\Local\d3d9caps.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1576837919-3474246870-21099282-1000\$3e97fff4bc86b87c34f71ba3841e2eae\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/01/21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll
[2008/01/21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2011/02/10 23:06:39 | 000,691,696 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\sptd.sys

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
Invalid Environment Variable: alluserprofile
Invalid Environment Variable: alluserprofile

[color=#A23BEC]< %appdata%\*. >[/color]
[2010/05/22 08:34:29 | 000,000,000 | -HSD | M] -- C:\Users\bourville\AppData\Roaming\.#
[2009/04/23 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Acer GameZone Console
[2010/10/06 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Adobe
[2012/07/05 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Apple Computer
[2009/09/20 13:10:51 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\ATI
[2011/10/04 20:30:49 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Audacity
[2010/05/19 17:14:11 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Autodesk
[2009/09/20 16:06:58 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\CyberLink
[2011/02/10 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\DAEMON Tools Lite
[2013/03/03 12:08:41 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\dvdcss
[2012/10/13 10:55:42 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft
[2013/04/21 09:05:10 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Ebyryg
[2010/10/06 17:28:39 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Emjysoft
[2010/10/09 19:34:08 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\emsuser
[2009/09/20 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\eSobi
[2009/09/20 13:15:55 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Google
[2009/10/03 11:43:26 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\HiYo
[2011/09/29 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\HomeMedia Connect
[2009/09/20 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Identities
[2013/04/21 09:05:10 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Kocyma
[2010/03/14 10:51:59 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Leadertech
[2009/09/20 13:10:35 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Macromedia
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Media Center Programs
[2013/03/03 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Media Player Classic
[2012/07/05 20:55:53 | 000,000,000 | --SD | M] -- C:\Users\bourville\AppData\Roaming\Microsoft
[2013/09/19 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Mozilla
[2010/04/25 15:45:35 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\OpenOffice.org
[2013/01/23 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\PhotoFiltre
[2011/09/29 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\PowerCinema
[2010/01/12 20:22:45 | 000,000,000 | RH-D | M] -- C:\Users\bourville\AppData\Roaming\SecuROM
[2013/09/20 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Skype
[2011/09/29 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\SoftDMA
[2011/02/10 23:31:38 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Sports Interactive
[2009/11/05 11:43:31 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Template
[2012/10/13 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\TuneUp Software
[2013/09/20 18:13:42 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\UsbFix
[2012/12/24 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\vlc
[2012/09/15 10:40:37 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Windows Live Writer
[2009/01/06 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\Wuigwo
[2013/09/23 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\bourville\AppData\Roaming\ZHP

[color=#A23BEC]< %appdata%\*.exe /s >[/color]
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeUploaderForFacebook\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\backup\FreeYouTubeUploader\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeUploaderForFacebook\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\DVDVideoSoft\FreeYouTubeUploader\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\eSobi\DownloadPacks\TutoriaL HAcking .exe
[2010/11/21 17:05:35 | 000,437,104 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\HiYo\Data\hiyo_install.exe
[2011/11/09 15:34:08 | 000,241,664 | ---- | M] (Acronis) -- C:\Users\bourville\AppData\Roaming\Kocyma\ypuw.exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NYNGAKX\fpdownload.adobe.com\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fpdownload.adobe.com\TutoriaL HAcking .exe
[2010/08/23 18:19:16 | 000,010,134 | R--- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | -HS- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\service.exe
[2007/09/14 17:56:00 | 000,035,840 | -HS- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\TuxO41514Z.exe
[2007/09/14 17:56:00 | 000,035,840 | -HS- | M] () -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\winlogon.exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_dynco\TutoriaL HAcking .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\Blink 182 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\Data DosenKu .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\New mp3 BaraT !! .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\Norman virus Control 5.18 .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\RaHasIA .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\Titip Folder Jangan DiHapus .exe
[2007/09/14 17:56:00 | 000,035,840 | ---- | M] () -- C:\Users\bourville\AppData\Roaming\Skype\shared_httpfe\TutoriaL HAcking .exe

[color=#A23BEC]< %systemdrive%\*. >[/color]
[2009/01/19 16:56:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/09/20 14:43:30 | 000,000,000 | -H-D | M] -- C:\ACER
[2009/09/20 13:09:10 | 000,000,000 | ---D | M] -- C:\ACERNB
[2009/09/20 13:08:57 | 000,000,000 | ---D | M] -- C:\ACERSW
[2013/09/23 18:08:40 | 000,000,000 | ---D | M] -- C:\AdwCleaner
[2009/04/23 23:20:01 | 000,000,000 | ---D | M] -- C:\Book
[2009/04/24 06:45:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2006/11/02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/01/12 09:59:56 | 000,000,000 | -HSD | M] -- C:\found.000
[2013/09/16 19:00:51 | 000,000,000 | -HSD | M] -- C:\found.001
[2009/04/23 22:07:01 | 000,000,000 | ---D | M] -- C:\Intel
[2009/04/23 22:31:37 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008/01/21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/09/23 18:36:05 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/09/23 18:10:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013/09/23 20:14:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/11/26 23:24:01 | 000,000,000 | ---D | M] -- C:\TEMP
[2009/01/19 17:22:45 | 000,000,000 | R--D | M] -- C:\Users
[2013/09/23 18:21:31 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %systemdrive%\*.exe >[/color]

[color=#A23BEC]< %programfiles%\*. >[/color]
[2009/09/20 13:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2006/10/10 13:22:51 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Deluxe
[2012/09/15 10:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone
[2006/10/10 13:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Incorporated
[2009/04/23 22:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/14 11:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/10/04 20:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2006/10/10 13:17:54 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2006/10/10 13:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2011/05/28 12:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2013/09/16 19:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2013/09/23 18:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2013/09/23 20:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\cspep
[2009/04/23 22:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/02/10 23:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/01/15 17:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\DjMixerStudio
[2012/09/25 20:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2009/04/23 22:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec
[2009/04/23 22:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec Egis Software Update
[2011/10/04 20:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/10/06 17:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi
[2009/09/20 13:06:25 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2012/09/15 11:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/10/03 11:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\HiYo
[2012/04/10 18:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2011/10/04 20:34:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/23 22:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/08/13 13:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/25 15:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2013/02/13 17:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/03/14 11:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2012/09/15 10:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/10/07 10:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/05/17 11:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/04/23 22:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/02/16 16:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/04/09 20:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/09 20:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/12/16 11:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/23 18:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2013/09/15 11:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/12/31 12:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\MotioninJoy
[2011/11/26 23:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/28 16:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker 2.6
[2013/09/15 11:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/20 13:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/04/23 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2011/09/13 15:55:46 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/10/04 20:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/08/19 20:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltre
[2009/04/23 22:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\PlayReady
[2013/03/01 21:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.FR
[2013/09/20 17:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\predm
[2010/03/14 11:21:49 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/04/23 22:18:16 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2013/03/25 17:33:52 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/06/15 14:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2013/09/23 20:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2006/10/10 13:11:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2006/11/02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/06 17:50:33 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/10/07 19:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2008/01/21 04:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 04:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 04:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/21 04:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/01/20 13:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/04/09 20:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/16 11:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/08/13 13:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/09/20 13:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 04:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 04:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2006/10/10 13:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\YUAN
[2011/02/10 23:30:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2013/09/23 19:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\ZHPDiag

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/02/12 13:42:34 | 000,045,456 | ---- | M] () MD5=2CA72990FE8F0C214603D138B51D217D -- C:\Users\bourville\AppData\Local\winlogon.exe
[2007/09/14 17:56:00 | 000,035,840 | -HS- | M] () MD5=3653C2B200CC4FDFEAD0116E13E78103 -- C:\Users\bourville\AppData\Roaming\Microsoft\Windows\Templates\O41514Z\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F3176E45
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:7CACEF61
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5D7E5A8F

< End of report >

Publicité


Signaler le contenu de ce document

Publicité