cjoint

Publicité

Cliquez pour partager vos propres fichiers

Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 01/10/2013 19:26:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\patsong\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,29% Memory free
7,82 Gb Paging File | 5,78 Gb Available in Paging File | 73,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,71 Gb Total Space | 398,00 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Drive D: | 456,71 Gb Total Space | 456,65 Gb Free Space | 99,99% Space Free | Partition Type: NTFS

Computer Name: PATSONG-PC | User Name: patsong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/10/01 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\patsong\Downloads\OTL (1).exe
PRC - [2013/09/10 14:29:07 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/10 14:28:36 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/10 14:28:36 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/28 14:39:01 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/08/01 23:14:03 | 000,103,272 | ---- | M] (Adobe Systems Inc.) -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
PRC - [2013/06/12 16:00:02 | 013,446,464 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe
PRC - [2013/06/12 16:00:00 | 000,149,824 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
PRC - [2013/06/10 17:58:38 | 001,966,960 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
PRC - [2013/01/10 15:25:31 | 000,125,176 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PRC - [2012/08/13 11:22:48 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:22:48 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/08/11 05:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2011/05/20 18:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011/03/30 00:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2007/03/16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/08/01 23:14:03 | 004,773,736 | ---- | M] () -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013/06/12 15:59:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\Tools.dll
MOD - [2013/06/12 15:59:42 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\zip.dll
MOD - [2013/06/12 15:59:42 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\jetvm\jvm.dll
MOD - [2013/06/12 15:59:42 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetWPSAPI.dll
MOD - [2013/06/12 15:59:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\jetrt\baseline720.dll
MOD - [2013/06/12 15:59:40 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetworkAPI.dll
MOD - [2013/06/12 15:59:38 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\java.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/08/11 05:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/11 05:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2013/09/21 12:12:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 14:29:07 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/10 14:28:36 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/06 02:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/29 16:10:30 | 001,073,160 | ---- | M] (Orange SA) [Auto | Stopped] -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/10 17:58:38 | 001,966,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe -- (Dedicarz Service)
SRV - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/03/30 00:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/09/10 14:29:15 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2013/09/10 14:29:15 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2013/03/29 15:14:35 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/07/14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/07/14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/04/05 05:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/02/11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2010/12/24 09:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/10/15 10:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_frFR518
IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files (x86)\Google\Google Updater\2.1.850.19570\npCIDetect11.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()


[2013/04/07 11:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\patsong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {E480F4D1-BE6B-468E-B140-2B2DA5773F4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {63A03534-3C7A-4F5C-9BCB-AB671AA84B22} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [ORAHSSSessionManager] "C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" File not found
O4 - HKCU..\Run: [FLV Player] C:\Users\patsong\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe File not found
O4 - HKCU..\Run: [Orange Installer] "C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe" File not found
O4 - HKCU..\Run: [Orange mes contenus] "C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe" /delayed File not found
O4 - Startup: C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1408392979 (Mail Migration)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57EFD6E8-5F73-41F3-97E6-621DC55E3DC7}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/06 18:09:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: [b]WildTangent CDA[/b] - hkey= - key= - C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP


SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/10/01 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\HotLava
[2013/10/01 12:01:10 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Local\Big Fish
[2013/10/01 12:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish
[2013/10/01 12:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2013/10/01 11:51:59 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2013/10/01 11:38:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/30 21:41:40 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shades of Death - Le Roi des Ombres
[2013/09/30 21:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shades of Death - Le Roi des Ombres
[2013/09/30 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shades of Death - Le Roi des Ombres
[2013/09/30 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Web of Deceit - La Veuve Noire
[2013/09/30 21:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web of Deceit - La Veuve Noire
[2013/09/30 21:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web of Deceit - La Veuve Noire
[2013/09/30 18:34:23 | 029,978,944 | ---- | C] (Foxit Corporation ) -- C:\Users\patsong\Desktop\FoxitReader605.0618_enu_Setup.exe
[2013/09/29 15:45:09 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\4 Friends Games
[2013/09/27 21:16:54 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Argali
[2013/09/24 19:02:41 | 000,000,000 | ---D | C] -- C:\net-snmp-compil-win
[2013/09/23 09:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/09/23 09:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/09/20 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Crown
[2013/09/20 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown
[2013/09/19 22:09:50 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\CasualMechanics
[2013/09/18 08:39:09 | 000,000,000 | ---D | C] -- C:\User Data
[2013/09/17 18:10:43 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\GreenSauceGames
[2013/09/16 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\GestaltGames
[2013/09/16 14:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\GestaltGames
[2013/09/15 15:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2013/09/14 22:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AstralaxWrapper
[2013/09/14 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\PoBros
[2013/09/14 17:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PoBros
[2013/09/12 21:06:05 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Flood Light Games
[2013/09/12 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games
[2013/09/11 18:21:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 18:21:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 18:21:46 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 18:21:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 18:21:46 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 18:21:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 18:21:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 18:21:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 18:21:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 18:21:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 18:21:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 18:21:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 18:21:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 18:21:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 18:21:44 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 18:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangentUninstall724775
[2013/09/11 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Amaranth Games
[2013/09/11 14:23:28 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Local\Wildtangent
[2013/09/11 14:23:26 | 000,000,000 | ---D | C] -- C:\Windows\wt
[2013/09/11 14:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent
[2013/09/11 07:31:26 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 07:31:24 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 07:31:23 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 07:31:23 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 07:31:23 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 07:31:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 07:31:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 07:31:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 07:31:23 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 07:31:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 07:31:23 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 07:31:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 07:31:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 07:31:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 07:31:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 07:31:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 07:31:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:31:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:31:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:31:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 07:31:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:31:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:31:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:31:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:31:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:31:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:31:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:31:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:31:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 07:31:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 07:31:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 07:31:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 07:31:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:31:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:31:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:31:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 07:30:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/10 15:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2013/09/09 14:33:55 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Princess Isabella
[2013/09/08 13:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SulusGames
[2013/09/08 10:57:28 | 000,000,000 | ---D | C] -- C:\Users\patsong\Desktop\programme
[2013/09/07 00:08:37 | 000,000,000 | ---D | C] -- C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/09/05 11:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/10/01 18:40:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 18:36:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 17:23:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 16:29:30 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/10/01 12:01:46 | 000,000,231 | ---- | M] () -- C:\Users\Public\Desktop\Encore plus de jeux.url
[2013/10/01 12:01:45 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Jeux.lnk
[2013/10/01 09:02:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 09:02:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 08:54:39 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 08:54:38 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/10/01 08:54:29 | 3147,685,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/30 21:54:53 | 000,072,354 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/30 21:41:53 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Jouer à Shades of Death - Le Roi des Ombres.lnk
[2013/09/30 18:36:14 | 000,002,050 | ---- | M] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/09/30 18:36:14 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/09/30 18:35:07 | 029,978,944 | ---- | M] (Foxit Corporation ) -- C:\Users\patsong\Desktop\FoxitReader605.0618_enu_Setup.exe
[2013/09/30 18:31:48 | 000,000,288 | ---- | M] () -- C:\Users\patsong\Desktop\problème souris - Sécurité - SECURITE - FORUM high-tech (2).url
[2013/09/30 10:48:30 | 000,007,618 | ---- | M] () -- C:\Users\patsong\AppData\Local\Resmon.ResmonCfg
[2013/09/21 12:12:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/21 12:12:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/19 18:54:03 | 001,549,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/19 18:54:03 | 000,704,464 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/09/19 18:54:03 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 18:54:03 | 000,130,770 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/09/19 18:54:03 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/18 08:56:12 | 000,450,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/18 08:55:11 | 000,001,160 | ---- | M] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/18 08:55:11 | 000,001,000 | ---- | M] () -- C:\Users\patsong\Desktop\Internet Explorer.lnk
[2013/09/14 23:47:55 | 000,000,222 | ---- | M] () -- C:\Users\patsong\Desktop\Vivre sans thyroïde dosage levothyrox.url
[2013/09/13 23:54:56 | 000,002,693 | ---- | M] () -- C:\Users\patsong\Desktop\Microsoft Office Excel 2007.lnk
[2013/09/11 18:37:41 | 000,002,738 | ---- | M] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - packardbell.lnk
[2013/09/11 18:37:41 | 000,002,706 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
[2013/09/10 14:29:15 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/09/10 14:29:15 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/09/10 14:29:15 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/09/06 18:09:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/09/06 18:00:06 | 000,365,966 | ---- | M] () -- C:\Users\patsong\Documents\cc_20130906_175954.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/10/01 12:01:45 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Jeux.lnk
[2013/10/01 12:01:45 | 000,000,231 | ---- | C] () -- C:\Users\Public\Desktop\Encore plus de jeux.url
[2013/10/01 12:01:10 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013/10/01 12:01:10 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encore plus de jeux.lnk
[2013/09/30 21:41:53 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Jouer à Shades of Death - Le Roi des Ombres.lnk
[2013/09/30 18:36:14 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/09/30 18:36:13 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/09/30 18:31:48 | 000,000,288 | ---- | C] () -- C:\Users\patsong\Desktop\problème souris - Sécurité - SECURITE - FORUM high-tech (2).url
[2013/09/30 10:48:30 | 000,007,618 | ---- | C] () -- C:\Users\patsong\AppData\Local\Resmon.ResmonCfg
[2013/09/14 23:47:54 | 000,000,222 | ---- | C] () -- C:\Users\patsong\Desktop\Vivre sans thyroïde dosage levothyrox.url
[2013/09/11 18:37:41 | 000,002,738 | ---- | C] () -- C:\Users\patsong\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - packardbell.lnk
[2013/09/11 18:37:40 | 000,002,706 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
[2013/09/06 18:09:35 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/09/06 18:09:16 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/09/06 17:59:58 | 000,365,966 | ---- | C] () -- C:\Users\patsong\Documents\cc_20130906_175954.reg
[2013/08/27 12:28:37 | 000,234,461 | ---- | C] () -- C:\Users\patsong\AppData\Local\census.cache
[2013/08/27 12:28:33 | 000,107,575 | ---- | C] () -- C:\Users\patsong\AppData\Local\ars.cache
[2013/08/27 12:06:00 | 000,000,036 | ---- | C] () -- C:\Users\patsong\AppData\Local\housecall.guid.cache
[2013/08/10 15:00:28 | 000,000,000 | ---- | C] () -- C:\Users\patsong\AppData\Roaming\SharedSettings.ccs
[2013/05/17 18:39:01 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/03/16 13:47:23 | 000,003,584 | ---- | C] () -- C:\Users\patsong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/16 09:48:59 | 000,001,125 | ---- | C] () -- C:\Users\patsong\Documents - Raccourci.lnk
[2013/02/15 15:13:12 | 000,072,354 | ---- | C] () -- C:\Windows\wininit.ini
[2013/01/08 22:40:48 | 001,577,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/21 11:51:17 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/21 11:51:17 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 11:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< HKCU\Software >[/color]

[HKEY_CURRENT_USER\Software\(null)]

[HKEY_CURRENT_USER\Software\Acer]

[HKEY_CURRENT_USER\Software\Adobe]

[HKEY_CURRENT_USER\Software\AdoreGames]

[HKEY_CURRENT_USER\Software\Alawar]

[HKEY_CURRENT_USER\Software\AppDataLow]

[HKEY_CURRENT_USER\Software\Artogon]

[HKEY_CURRENT_USER\Software\AV Technologies]

[HKEY_CURRENT_USER\Software\Avira]

[HKEY_CURRENT_USER\Software\Big Fish Games]

[HKEY_CURRENT_USER\Software\Big Fish Games, Inc.]

[HKEY_CURRENT_USER\Software\BigFish]

[HKEY_CURRENT_USER\Software\Boonty]

[HKEY_CURRENT_USER\Software\Clients]

[HKEY_CURRENT_USER\Software\Cyberlink]

[HKEY_CURRENT_USER\Software\DSS]

[HKEY_CURRENT_USER\Software\Evernote]

[HKEY_CURRENT_USER\Software\fijxtuaf]

[HKEY_CURRENT_USER\Software\Foxit Software]

[HKEY_CURRENT_USER\Software\Fugazo]

[HKEY_CURRENT_USER\Software\Gestalt Games]

[HKEY_CURRENT_USER\Software\Gogii]

[HKEY_CURRENT_USER\Software\Gogii Games]

[HKEY_CURRENT_USER\Software\Good games]

[HKEY_CURRENT_USER\Software\Google]

[HKEY_CURRENT_USER\Software\Hewlett-Packard]

[HKEY_CURRENT_USER\Software\HipSoft]

[HKEY_CURRENT_USER\Software\HookNetwork]

[HKEY_CURRENT_USER\Software\IM Providers]

[HKEY_CURRENT_USER\Software\Intel]

[HKEY_CURRENT_USER\Software\JavaSoft]

[HKEY_CURRENT_USER\Software\kde.org]

[HKEY_CURRENT_USER\Software\Licenses]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]

[HKEY_CURRENT_USER\Software\Macromedia]

[HKEY_CURRENT_USER\Software\Macrovision]

[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]

[HKEY_CURRENT_USER\Software\Meridian93]

[HKEY_CURRENT_USER\Software\Microsoft]

[HKEY_CURRENT_USER\Software\mozilla]

[HKEY_CURRENT_USER\Software\MozillaPlugins]

[HKEY_CURRENT_USER\Software\Nero]

[HKEY_CURRENT_USER\Software\Netscape]

[HKEY_CURRENT_USER\Software\Norton]

[HKEY_CURRENT_USER\Software\ODBC]

[HKEY_CURRENT_USER\Software\OEM]

[HKEY_CURRENT_USER\Software\OpenOffice.org]

[HKEY_CURRENT_USER\Software\Orange]

[HKEY_CURRENT_USER\Software\Ovogame]

[HKEY_CURRENT_USER\Software\Packard Bell]

[HKEY_CURRENT_USER\Software\PDF Suite 2013]

[HKEY_CURRENT_USER\Software\Piriform]

[HKEY_CURRENT_USER\Software\Playrix Entertainment]

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\PopCap]

[HKEY_CURRENT_USER\Software\PuzzleLab]

[HKEY_CURRENT_USER\Software\Realtek]

[HKEY_CURRENT_USER\Software\rrhghfce]

[HKEY_CURRENT_USER\Software\Shaman Games]

[HKEY_CURRENT_USER\Software\Silverback Games]

[HKEY_CURRENT_USER\Software\Silverback Productions]

[HKEY_CURRENT_USER\Software\Skype]

[HKEY_CURRENT_USER\Software\Symantec]

[HKEY_CURRENT_USER\Software\TeleCharger]

[HKEY_CURRENT_USER\Software\Test3D]

[HKEY_CURRENT_USER\Software\Trolltech]

[HKEY_CURRENT_USER\Software\VSRevoGroup]

[HKEY_CURRENT_USER\Software\Wargaming.net]

[HKEY_CURRENT_USER\Software\WildTangent]

[HKEY_CURRENT_USER\Software\Windows Live Writer]

[HKEY_CURRENT_USER\Software\Wow6432Node]

[HKEY_CURRENT_USER\Software\ZebHelpProcess Helper]

[HKEY_CURRENT_USER\Software\Classes]

[color=#A23BEC]< HKLM\Software >[/color]
"License_Time" = 0
"RB" = 0

[HKEY_LOCAL_MACHINE\Software\Adobe]

[HKEY_LOCAL_MACHINE\Software\AdwCleaner]

[HKEY_LOCAL_MACHINE\Software\AGEIA Technologies]

[HKEY_LOCAL_MACHINE\Software\Alawar]

[HKEY_LOCAL_MACHINE\Software\AppDataLow]

[HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.]

[HKEY_LOCAL_MACHINE\Software\Avira]

[HKEY_LOCAL_MACHINE\Software\Big Fish Games]

[HKEY_LOCAL_MACHINE\Software\Boonty]

[HKEY_LOCAL_MACHINE\Software\CyberLink]

[HKEY_LOCAL_MACHINE\Software\DivXNetworks]

[HKEY_LOCAL_MACHINE\Software\DSS]

[HKEY_LOCAL_MACHINE\Software\Evernote]

[HKEY_LOCAL_MACHINE\Software\Foxit Software]

[HKEY_LOCAL_MACHINE\Software\FRANCE TELECOM]

[HKEY_LOCAL_MACHINE\Software\FUHU, Inc.]

[HKEY_LOCAL_MACHINE\Software\GameInstaller]

[HKEY_LOCAL_MACHINE\Software\Google]

[HKEY_LOCAL_MACHINE\Software\IM Providers]

[HKEY_LOCAL_MACHINE\Software\InstallShield]

[HKEY_LOCAL_MACHINE\Software\Intel]

[HKEY_LOCAL_MACHINE\Software\JavaSoft]

[HKEY_LOCAL_MACHINE\Software\JreMetrics]

[HKEY_LOCAL_MACHINE\Software\Licenses]

[HKEY_LOCAL_MACHINE\Software\Macromedia]

[HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware]

[HKEY_LOCAL_MACHINE\Software\Microsoft]

[HKEY_LOCAL_MACHINE\Software\Mozilla]

[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]

[HKEY_LOCAL_MACHINE\Software\Nero]

[HKEY_LOCAL_MACHINE\Software\ODBC]

[HKEY_LOCAL_MACHINE\Software\OEM]

[HKEY_LOCAL_MACHINE\Software\OldTimer Tools]

[HKEY_LOCAL_MACHINE\Software\OpenOffice.org]

[HKEY_LOCAL_MACHINE\Software\Orange]

[HKEY_LOCAL_MACHINE\Software\Packard Bell]

[HKEY_LOCAL_MACHINE\Software\Realtek]

[HKEY_LOCAL_MACHINE\Software\Realtek Semiconductor Corp.]

[HKEY_LOCAL_MACHINE\Software\Skype]

[HKEY_LOCAL_MACHINE\Software\Symantec]

[HKEY_LOCAL_MACHINE\Software\Thomson]

[HKEY_LOCAL_MACHINE\Software\Trolltech]

[HKEY_LOCAL_MACHINE\Software\Trymedia Systems]

[HKEY_LOCAL_MACHINE\Software\Uniblue]

[HKEY_LOCAL_MACHINE\Software\Vittalia]

[HKEY_LOCAL_MACHINE\Software\Volatile]

[HKEY_LOCAL_MACHINE\Software\webtogo]

[HKEY_LOCAL_MACHINE\Software\WildTangent]

[HKEY_LOCAL_MACHINE\Software\WinPcap]

[HKEY_LOCAL_MACHINE\Software\X-AVCSD]

[HKEY_LOCAL_MACHINE\Software\Classes]

[HKEY_LOCAL_MACHINE\Software\Clients]

[HKEY_LOCAL_MACHINE\Software\Policies]

[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]

[color=#A23BEC]< HKCU\Software\Microsoft\Command Processor /s >[/color]
"CompletionChar" = 9
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 9

[color=#A23BEC]< HKLM\Software\Microsoft\Command Processor /s >[/color]
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64

[color=#A23BEC]< %Homedrive%\* >[/color]
[2013/09/06 18:09:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/10/21 11:56:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/10/01 08:54:29 | 3147,685,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 08:54:31 | 4196,917,248 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< %Homedrive%\*. >[/color]
[2013/02/01 15:42:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013/10/01 13:33:49 | 000,000,000 | ---D | M] -- C:\BigFishCache
[2013/08/09 17:33:25 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2012/11/13 17:06:12 | 000,000,000 | -H-D | M] -- C:\book
[2013/05/10 22:39:58 | 000,000,000 | ---D | M] -- C:\Boonty
[2013/09/30 18:37:02 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/06/26 12:53:47 | 000,000,000 | ---D | M] -- C:\Games
[2012/11/13 17:01:07 | 000,000,000 | -H-D | M] -- C:\Intel
[2013/03/16 14:01:15 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013/09/24 19:02:41 | 000,000,000 | ---D | M] -- C:\net-snmp-compil-win
[2013/01/08 19:54:12 | 000,000,000 | -H-D | M] -- C:\OEM
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/09/06 19:43:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/10/01 18:21:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013/10/01 12:00:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/10/01 19:28:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/09/18 08:39:09 | 000,000,000 | ---D | M] -- C:\User Data
[2013/08/24 09:52:20 | 000,000,000 | R--D | M] -- C:\Users
[2013/10/01 11:38:04 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %Userprofile%\* >[/color]
[2013/05/01 10:45:30 | 000,010,888 | ---- | M] () -- C:\Users\patsong\Blackbird.docx
[2013/05/01 10:48:37 | 000,011,245 | ---- | M] () -- C:\Users\patsong\Come together.docx
[2013/02/16 09:48:59 | 000,001,125 | ---- | M] () -- C:\Users\patsong\Documents - Raccourci.lnk
[2013/05/01 10:53:57 | 000,011,481 | ---- | M] () -- C:\Users\patsong\Help.docx
[2013/10/01 19:28:43 | 008,912,896 | -HS- | M] () -- C:\Users\patsong\ntuser.dat
[2013/10/01 19:28:43 | 000,262,144 | -HS- | M] () -- C:\Users\patsong\ntuser.dat.LOG1
[2013/01/08 19:52:59 | 000,000,000 | -HS- | M] () -- C:\Users\patsong\ntuser.dat.LOG2
[2013/01/08 20:19:21 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013/01/08 20:19:21 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013/01/08 20:19:21 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/09/18 08:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{65c91a8c-201f-11e3-b707-e840f2a6c382}.TM.blf
[2013/09/18 08:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{65c91a8c-201f-11e3-b707-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms
[2013/09/18 08:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{65c91a8c-201f-11e3-b707-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms
[2013/08/28 09:16:16 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{66d1d379-0fae-11e3-ad11-e840f2a6c382}.TM.blf
[2013/08/28 09:16:16 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{66d1d379-0fae-11e3-ad11-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 09:16:16 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{66d1d379-0fae-11e3-ad11-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms
[2013/09/30 21:59:44 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{906e8832-29bc-11e3-a19d-e840f2a6c382}.TM.blf
[2013/09/30 21:59:44 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{906e8832-29bc-11e3-a19d-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms
[2013/09/30 21:59:44 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{906e8832-29bc-11e3-a19d-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms
[2013/08/02 00:06:33 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{9c89b6ec-faed-11e2-8b49-e840f2a6c382}.TM.blf
[2013/08/02 00:06:33 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{9c89b6ec-faed-11e2-8b49-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms
[2013/08/02 00:06:33 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{9c89b6ec-faed-11e2-8b49-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms
[2013/03/03 00:24:31 | 000,065,536 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{fb0f5ee6-82f7-11e2-b1c7-e840f2a6c382}.TM.blf
[2013/03/03 00:24:31 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{fb0f5ee6-82f7-11e2-b1c7-e840f2a6c382}.TMContainer00000000000000000001.regtrans-ms
[2013/03/03 00:24:31 | 000,524,288 | -HS- | M] () -- C:\Users\patsong\ntuser.dat{fb0f5ee6-82f7-11e2-b1c7-e840f2a6c382}.TMContainer00000000000000000002.regtrans-ms
[2013/01/08 19:53:00 | 000,000,020 | -HS- | M] () -- C:\Users\patsong\ntuser.ini
[2013/05/01 10:42:12 | 000,012,539 | ---- | M] () -- C:\Users\patsong\While My Guitar Gently Weeps.docx

[color=#A23BEC]< %Userprofile%\*. >[/color]
[2013/09/30 15:25:56 | 000,000,000 | -H-D | M] -- C:\Users\patsong\AppData
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Application Data
[2013/04/06 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\patsong\chez NINE
[2013/06/23 08:19:45 | 000,000,000 | ---D | M] -- C:\Users\patsong\chez nini
[2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Contacts
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Cookies
[2013/10/01 11:53:15 | 000,000,000 | R--D | M] -- C:\Users\patsong\Desktop
[2013/09/19 19:20:13 | 000,000,000 | R--D | M] -- C:\Users\patsong\Documents
[2013/10/01 19:25:44 | 000,000,000 | R--D | M] -- C:\Users\patsong\Downloads
[2013/09/20 12:29:21 | 000,000,000 | R--D | M] -- C:\Users\patsong\Favorites
[2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Links
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Local Settings
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Menu Démarrer
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Mes documents
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Modèles
[2013/09/30 15:26:48 | 000,000,000 | R--D | M] -- C:\Users\patsong\Music
[2013/10/01 11:36:43 | 000,000,000 | R--D | M] -- C:\Users\patsong\Pictures
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Recent
[2013/09/12 21:06:05 | 000,000,000 | R--D | M] -- C:\Users\patsong\Saved Games
[2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Searches
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\SendTo
[2013/02/05 21:45:03 | 000,000,000 | R--D | M] -- C:\Users\patsong\SkyDrive
[2013/05/28 19:22:00 | 000,000,000 | ---D | M] -- C:\Users\patsong\Tracing
[2013/09/11 18:25:55 | 000,000,000 | R--D | M] -- C:\Users\patsong\Videos
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Voisinage d'impression
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\Voisinage réseau

[color=#A23BEC]< %Allusersprofile%\* >[/color]

[color=#A23BEC]< %Allusersprofile%\*. >[/color]
[2013/03/19 13:31:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Absolutist
[2013/02/01 17:16:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer
[2013/09/30 15:23:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2013/08/01 23:14:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/09/14 22:33:11 | 000,000,000 | ---D | M] -- C:\ProgramData\AstralaxWrapper
[2013/01/09 19:28:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2013/10/01 12:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish
[2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2013/09/28 14:56:58 | 000,000,000 | ---D | M] -- C:\ProgramData\casualArts
[2013/01/11 22:52:56 | 000,000,000 | ---D | M] -- C:\ProgramData\cerasus.media
[2013/09/20 15:58:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Crown
[2013/05/02 00:12:56 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/09/23 12:39:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Elephant Games
[2012/11/13 17:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Evernote
[2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/09/18 11:35:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Flood Light Games
[2013/06/18 19:37:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Floodlight Games
[2013/01/16 18:59:03 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2012/11/13 17:24:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Fooz Kids
[2013/09/16 14:59:53 | 000,000,000 | ---D | M] -- C:\ProgramData\GestaltGames
[2013/09/17 23:42:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2013/10/01 16:29:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Google Updater
[2012/11/13 17:06:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2013/01/09 18:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2013/03/16 14:03:32 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013/09/13 23:55:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2013/02/05 21:44:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft SkyDrive
[2013/01/08 19:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2013/03/02 16:06:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2013/08/31 15:01:50 | 000,000,000 | ---D | M] -- C:\ProgramData\MumboJumbo
[2011/10/21 11:53:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2013/01/09 19:29:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011/10/21 11:57:07 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2013/01/08 19:54:45 | 000,000,000 | ---D | M] -- C:\ProgramData\oem
[2013/09/30 15:23:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Orange
[2011/10/21 11:41:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Packard Bell
[2013/03/10 23:01:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Particles
[2013/09/05 11:17:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Playrix Entertainment
[2013/09/14 20:24:14 | 000,000,000 | ---D | M] -- C:\ProgramData\PoBros
[2013/05/09 22:55:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Publisher
[2013/08/12 12:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/09/20 18:45:16 | 000,000,000 | ---D | M] -- C:\ProgramData\SulusGames
[2013/05/02 00:35:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2013/10/01 18:20:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/03/18 17:41:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TERMINAL Studio
[2013/01/09 19:58:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2013/09/30 15:26:36 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2013/09/11 18:12:42 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangentUninstall724775

[color=#A23BEC]< %LocalAppData%\* >[/color]
[2013/08/27 12:28:33 | 000,107,575 | ---- | M] () -- C:\Users\patsong\AppData\Local\ars.cache
[2013/08/27 12:28:37 | 000,234,461 | ---- | M] () -- C:\Users\patsong\AppData\Local\census.cache
[2013/03/16 13:47:23 | 000,003,584 | ---- | M] () -- C:\Users\patsong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/18 08:37:50 | 000,117,224 | ---- | M] () -- C:\Users\patsong\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/08/27 12:06:00 | 000,000,036 | ---- | M] () -- C:\Users\patsong\AppData\Local\housecall.guid.cache
[2013/10/01 08:53:55 | 002,771,160 | -H-- | M] () -- C:\Users\patsong\AppData\Local\IconCache.db
[2013/09/30 10:48:30 | 000,007,618 | ---- | M] () -- C:\Users\patsong\AppData\Local\Resmon.ResmonCfg

[color=#A23BEC]< %LocalAppData%\*. >[/color]
[2013/09/08 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Adobe
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\AppData\Local\Application Data
[2013/01/08 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Apps
[2013/08/28 14:27:53 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\avgchrome
[2013/10/01 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Big Fish
[2013/08/02 07:43:08 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Chronicles of Albian 2
[2013/03/02 15:59:02 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Citrix
[2013/09/30 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\CrashDumps
[2013/05/02 00:12:21 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Cyberlink
[2013/03/02 15:59:01 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Deployment
[2013/09/30 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Diagnostics
[2013/10/01 11:53:35 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\ElevatedDiagnostics
[2013/02/15 14:55:00 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Evernote
[2013/09/19 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Google
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\AppData\Local\Historique
[2013/02/11 15:23:58 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\JollyBear
[2013/07/22 10:08:09 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Microsoft
[2013/05/28 19:19:29 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Microsoft Games
[2013/02/15 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Microsoft Help
[2013/03/02 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Mozilla
[2013/03/24 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Murder on the Titanic
[2013/03/03 12:25:41 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Orange
[2013/01/09 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Programs
[2013/01/08 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\SoftGrid Client
[2013/04/14 22:51:56 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Tales of Lagoona
[2013/10/01 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Temp
[2013/01/08 19:53:00 | 000,000,000 | -HSD | M] -- C:\Users\patsong\AppData\Local\Temporary Internet Files
[2013/08/13 08:53:48 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\VirtualStore
[2013/09/11 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Wildtangent
[2013/09/29 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Windows Live
[2013/01/16 23:56:03 | 000,000,000 | ---D | M] -- C:\Users\patsong\AppData\Local\Windows Live Writer

[color=#A23BEC]< %Userprofile%\Local Settings\Application Data\* >[/color]

[color=#A23BEC]< %Userprofile%\Local Settings\Application Data\*. >[/color]

[color=#A23BEC]< %programFiles%\* >[/color]
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#A23BEC]< %programfiles%\Google\Desktop\Install /s >[/color]

[color=#A23BEC]< %programFiles%\*. >[/color]
[2013/09/30 18:37:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2013/01/09 19:28:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2013/10/01 12:01:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\bfgclient
[2013/08/28 19:40:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BoontyGames
[2013/08/28 09:03:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/10/21 11:59:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2012/11/13 17:15:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote
[2013/09/23 09:58:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software
[2013/09/18 08:25:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2013/08/28 09:03:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUMEFFA.tmp
[2012/11/13 17:24:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/11/13 17:10:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2013/09/11 18:24:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2013/01/08 20:06:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Inventel
[2013/05/02 00:34:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2013/04/09 13:58:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jeux.fr
[2013/04/18 09:16:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/15 19:30:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2013/03/29 16:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2013/07/16 09:04:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/02/05 21:45:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/02/15 19:01:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/03/16 14:03:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/03/16 14:01:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013/03/16 23:23:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2013/05/27 13:34:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2013/05/27 13:32:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2013/04/07 11:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/16 14:03:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013/03/16 13:02:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2013/01/15 14:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/10/21 11:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2013/04/27 16:06:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/05/02 22:01:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/09/18 08:46:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Orange
[2012/11/13 17:30:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Packard Bell
[2013/04/08 22:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade
[2012/11/13 17:11:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013/01/08 22:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Securitoo
[2013/09/30 21:41:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shades of Death - Le Roi des Ombres
[2013/08/12 12:54:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/11/13 17:12:08 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2013/03/03 12:26:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wanadoo
[2013/09/30 21:55:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Web of Deceit - La Veuve Noire
[2013/09/30 15:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames
[2013/09/11 14:23:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent
[2013/09/11 18:37:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2013/07/16 09:05:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2013/07/22 10:21:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/21 05:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/11/14 01:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

[color=#A23BEC]< %Systemroot%\Installer\*. >[/color]
[2011/10/21 11:40:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$
[2013/04/27 15:56:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI217E.tmp-
[2013/08/28 14:25:04 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI27B2.tmp-
[2013/04/27 15:56:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI2FA3.tmp-
[2013/08/28 14:25:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI33C5.tmp-
[2013/04/27 15:57:01 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI3A21.tmp-
[2013/08/28 14:25:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSI3E14.tmp-
[2013/08/28 14:24:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSIA21.tmp-
[2013/08/28 14:24:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSIF1BE.tmp-
[2013/08/28 14:24:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\MSIFAD3.tmp-
[2011/10/21 11:53:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
[2011/10/21 11:52:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
[2013/06/26 09:05:52 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83217025FF}
[2013/03/16 13:00:21 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}
[2013/05/27 13:34:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
[2011/10/21 11:53:32 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{33643918-7957-4839-92C7-EA96CB621A98}
[2013/08/12 12:54:10 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
[2011/10/21 11:53:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
[2013/02/05 21:47:02 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}
[2013/08/29 19:53:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}
[2011/10/21 11:55:31 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}
[2011/10/21 11:53:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
[2011/10/21 11:52:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}
[2011/10/21 11:52:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
[2013/05/02 22:01:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{7DA1C06F-C913-46C7-8A0F-DA2CBA17EA1D}
[2013/01/15 14:03:11 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2013/07/16 00:15:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2013/09/13 23:55:02 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}
[2013/03/16 14:03:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-002A-0000-1000-0000000FF1CE}
[2013/03/16 23:22:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}
[2011/10/21 11:53:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{92E25238-61A3-4ACD-A407-3C480EEF47A7}
[2013/09/13 23:54:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{95120000-003F-040C-0000-0000000FF1CE}
[2013/02/05 22:31:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}
[2013/04/27 16:05:57 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}
[2013/05/10 22:50:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}
[2011/10/21 11:55:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C18A0418-442A-4186-AF98-D08F5054A2FC}
[2013/03/06 16:54:00 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D6D4646B-BDBA-4EBC-BFDD-8F880F8B6A03}
[2013/04/27 16:06:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DEA314C4-0929-4250-BC92-98E4C105F28D}
[2011/10/21 11:53:21 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E337E787-CF61-4B7B-B84F-509202A54023}
[2011/10/21 12:00:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E3739848-5329-48E3-8D28-5BBD6E8BE384}
[2013/01/22 19:15:34 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
[2013/01/22 19:15:38 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2013/02/05 21:47:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F2235E5E-7881-4293-9B6F-04B2609FBFF0}
[2011/10/21 11:55:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
[2011/10/21 11:55:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
[2013/01/15 14:03:19 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

[color=#A23BEC]< %Systemroot%\Temp\*.exe /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2013/08/10 05:58:05 | 013,761,024 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\ieframe.dll
[2013/05/01 03:04:00 | 000,117,248 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\iepeers.dll

[color=#A23BEC]< %systemroot%\system32\*.exe /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\*.in* >[/color]
[2013/05/01 03:03:59 | 000,025,185 | ---- | M] () -- C:\Windows\system32\ieuinit.inf
[2013/07/22 10:21:58 | 000,001,729 | ---- | M] () -- C:\Windows\system32\InstallUtil.InstallLog
[2009/07/14 06:55:01 | 000,000,535 | ---- | M] () -- C:\Windows\system32\mapisvc.inf
[2013/01/10 21:58:35 | 001,577,122 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

[color=#A23BEC]< %systemroot%\Tasks\* >[/color]
[2013/10/01 18:40:00 | 000,001,002 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/10/01 16:29:30 | 000,001,014 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2013/10/01 08:54:39 | 000,001,066 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 18:36:00 | 000,001,070 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 08:54:36 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2013/08/15 18:35:14 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#A23BEC]< %systemroot%\Tasks\*. >[/color]

[color=#A23BEC]< %systemroot%\system32\Tasks\* >[/color]

[color=#A23BEC]< %systemroot%\system32\Tasks\*. >[/color]
[2009/07/14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\Microsoft

[color=#A23BEC]< %systemroot%\system32\drivers\*.sy* /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\config\*.exe /s >[/color]

[color=#A23BEC]< %Systemroot%\ServiceProfiles\*.exe /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.sys >[/color]
[2009/08/24 14:22:58 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\system32\pcampr5.sys
[2009/08/24 14:22:58 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\system32\pcandis5.sys

[color=#A23BEC]< dir %Homedrive%\* /S /A:L /C >[/color]
Le volume dans le lecteur C s'appelle Packard Bell
Le num ro de s rie du volume est 424F-DA4B
R pertoire de C:\
14/07/2009 07:08 <JONCTION> Documents and Settings [C:\Users]
0 fichier(s) 0 octets
R pertoire de C:\Program Files
08/01/2013 19:52 <JONCTION> Fichiers communs [C:\Program Files\Common Files]
0 fichier(s) 0 octets
R pertoire de C:\Program Files\Windows NT
08/01/2013 19:52 <JONCTION> Accessoires [C:\Program Files\Windows NT\Accessories]
0 fichier(s) 0 octets
R pertoire de C:\ProgramData
14/07/2009 07:08 <JONCTION> Application Data [C:\ProgramData]
08/01/2013 19:52 <JONCTION> Bureau [C:\Users\Public\Desktop]
14/07/2009 07:08 <JONCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 07:08 <JONCTION> Documents [C:\Users\Public\Documents]
08/01/2013 19:52 <JONCTION> Favoris [C:\Users\Public\Favorites]
14/07/2009 07:08 <JONCTION> Favorites [C:\Users\Public\Favorites]
08/01/2013 19:52 <JONCTION> Menu D marrer [C:\ProgramData\Microsoft\Windows\Start Menu]
08/01/2013 19:52 <JONCTION> Mod`les [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009 07:08 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 07:08 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R pertoire de C:\ProgramData\Microsoft\Windows\Start Menu
08/01/2013 19:52 <JONCTION> Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users
14/07/2009 07:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 07:08 <JONCTION> Default User [C:\Users\Default]
0 fichier(s) 0 octets
R pertoire de C:\Users\All Users
14/07/2009 07:08 <JONCTION> Application Data [C:\ProgramData]
08/01/2013 19:52 <JONCTION> Bureau [C:\Users\Public\Desktop]
14/07/2009 07:08 <JONCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 07:08 <JONCTION> Documents [C:\Users\Public\Documents]
08/01/2013 19:52 <JONCTION> Favoris [C:\Users\Public\Favorites]
14/07/2009 07:08 <JONCTION> Favorites [C:\Users\Public\Favorites]
08/01/2013 19:52 <JONCTION> Menu D marrer [C:\ProgramData\Microsoft\Windows\Start Menu]
08/01/2013 19:52 <JONCTION> Mod`les [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009 07:08 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 07:08 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R pertoire de C:\Users\All Users\Microsoft\Windows\Start Menu
08/01/2013 19:52 <JONCTION> Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default
14/07/2009 07:08 <JONCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 07:08 <JONCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 07:08 <JONCTION> Local Settings [C:\Users\Default\AppData\Local]
08/01/2013 19:52 <JONCTION> Menu D marrer [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/01/2013 19:52 <JONCTION> Mes documents [C:\Users\Default\Documents]
08/01/2013 19:52 <JONCTION> Mod`les [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009 07:08 <JONCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 07:08 <JONCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 07:08 <JONCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 07:08 <JONCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 07:08 <JONCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 07:08 <JONCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 07:08 <JONCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
08/01/2013 19:52 <JONCTION> Voisinage d'impression [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/01/2013 19:52 <JONCTION> Voisinage r seau [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default\AppData\Local
14/07/2009 07:08 <JONCTION> Application Data [C:\Users\Default\AppData\Local]
08/01/2013 19:52 <JONCTION> Historique [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 07:08 <JONCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 07:08 <JONCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
08/01/2013 19:52 <JONCTION> Programmes [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default\Documents
08/01/2013 19:52 <JONCTION> Ma musique [C:\Users\Default\Music]
08/01/2013 19:52 <JONCTION> Mes images [C:\Users\Default\Pictures]
08/01/2013 19:52 <JONCTION> Mes vid os [C:\Users\Default\Videos]
14/07/2009 07:08 <JONCTION> My Music [C:\Users\Default\Music]
14/07/2009 07:08 <JONCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 07:08 <JONCTION> My Videos [C:\Users\Default\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\patsong
08/01/2013 19:53 <JONCTION> Application Data [C:\Users\patsong\AppData\Roaming]
08/01/2013 19:53 <JONCTION> Cookies [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Cookies]
08/01/2013 19:53 <JONCTION> Local Settings [C:\Users\patsong\AppData\Local]
08/01/2013 19:53 <JONCTION> Menu D marrer [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu]
08/01/2013 19:53 <JONCTION> Mes documents [C:\Users\patsong\Documents]
08/01/2013 19:53 <JONCTION> Mod`les [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Templates]
08/01/2013 19:53 <JONCTION> Recent [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Recent]
08/01/2013 19:53 <JONCTION> SendTo [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\SendTo]
08/01/2013 19:53 <JONCTION> Voisinage d'impression [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/01/2013 19:53 <JONCTION> Voisinage r seau [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\patsong\AppData\Local
08/01/2013 19:53 <JONCTION> Application Data [C:\Users\patsong\AppData\Local]
08/01/2013 19:53 <JONCTION> Historique [C:\Users\patsong\AppData\Local\Microsoft\Windows\History]
08/01/2013 19:53 <JONCTION> Temporary Internet Files [C:\Users\patsong\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
R pertoire de C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu
08/01/2013 19:53 <JONCTION> Programmes [C:\Users\patsong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\patsong\Documents
08/01/2013 19:53 <JONCTION> Ma musique [C:\Users\patsong\Music]
08/01/2013 19:53 <JONCTION> Mes images [C:\Users\patsong\Pictures]
08/01/2013 19:53 <JONCTION> Mes vid os [C:\Users\patsong\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\Public\Documents
08/01/2013 19:52 <JONCTION> Ma musique [C:\Users\Public\Music]
08/01/2013 19:52 <JONCTION> Mes images [C:\Users\Public\Pictures]
08/01/2013 19:52 <JONCTION> Mes vid os [C:\Users\Public\Videos]
14/07/2009 07:08 <JONCTION> My Music [C:\Users\Public\Music]
14/07/2009 07:08 <JONCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 07:08 <JONCTION> My Videos [C:\Users\Public\Videos]
0 fichier(s) 0 octets
Total des fichiers list sÿ:
0 fichier(s) 0 octets
76 R p(s) 427ÿ273ÿ809ÿ920 octets libres

[color=#A23BEC]< MD5 for: AFD.SYS >[/color]
[2011/12/28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 06:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/21 05:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/07/14 07:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/07/14 07:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/07/14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012/08/22 20:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

[color=#A23BEC]< MD5 for: NETBT.SYS >[/color]
[2010/11/21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

[color=#A23BEC]< MD5 for: TDX.SYS >[/color]
[2010/11/21 05:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/21 05:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[color=#A23BEC]< >[/color]

[color=#A23BEC]< >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/10/01 13:33:30 | 098,609,238 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\MøZ¬í‹
[2013/10/01 13:33:30 | 098,609,238 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\MøZ¬í‹
[2013/09/22 18:04:38 | 098,597,466 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\¾X›P¬í¢
[2013/09/22 18:04:38 | 098,597,466 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\¾X›P¬í¢
[2013/09/20 09:34:58 | 098,453,713 | ---- | M] ()(C:\Windows\SysWow64\???#) -- C:\Windows\SysWow64\Ô¨Cˬí#
[2013/09/20 09:34:58 | 098,453,713 | ---- | C] ()(C:\Windows\SysWow64\???#) -- C:\Windows\SysWow64\Ô¨Cˬí#
[2013/09/15 07:11:53 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\?u??) -- C:\Windows\SysWow64\\Uÿ¬í”
[2013/09/15 07:11:53 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\?u??) -- C:\Windows\SysWow64\\Uÿ¬í”

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 401 bytes -> C:\ProgramData\Temp:9F6AB9FA
@Alternate Data Stream - 384 bytes -> C:\ProgramData\Temp:831B2461
@Alternate Data Stream - 381 bytes -> C:\ProgramData\Temp:9344C1D9
@Alternate Data Stream - 372 bytes -> C:\ProgramData\Temp:85C5C53E
@Alternate Data Stream - 370 bytes -> C:\ProgramData\Temp:A6A0269E
@Alternate Data Stream - 365 bytes -> C:\ProgramData\Temp:90E02BAB
@Alternate Data Stream - 362 bytes -> C:\ProgramData\Temp:2C515259
@Alternate Data Stream - 358 bytes -> C:\ProgramData\Temp:CF52839E
@Alternate Data Stream - 356 bytes -> C:\ProgramData\Temp:7898E5D2
@Alternate Data Stream - 354 bytes -> C:\ProgramData\Temp:FB208757
@Alternate Data Stream - 353 bytes -> C:\ProgramData\Temp:A757EEE2
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:C5D15631
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:97427454
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:0F64164E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:C5340FA1
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:282CE153
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:ADEBE9CA
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:EC752217
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:69F562A6
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:49EB69E2
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:460638C7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB5AA1E6
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:31C9BA96
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9A88B65D
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9338F136
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:6AF6BB0E
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:66F7E5A9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:26991AB9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:26499772
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C0893153
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:B0EA26E5
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:7D9B1030
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:53F09A92
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:401CAF8F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2F5A06FD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1E87A273
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:9836B5E4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8F6B75BF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8751B175
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:0C9E06A2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:59465B40
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:32289BE8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CE3AADB7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B4530133
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AC9F291E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:922DA2DB
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:88FB7F72
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:607A99D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4EFA2FC7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:44712999
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3B71586E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3241739E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:E94FA418
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:E402E439
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:398D2775
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:114C90CA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:0B79AB8D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:841E0E1B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:54403233
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:371060CE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:18A25CF1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:104A1C3E
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E40D7F76
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D1FE35E7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:CA7E8F16
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6B07419
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:6FF14C72
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:67CF910D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:491270B8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3ADE134E
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:2339C9FD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:120E44A4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:02CC0035
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E517FE76
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B5FD4AA1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A7C40691
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9EDA68BD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:80FA23CA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:67E674B0
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4A8EB1C4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:345A9A38
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0ED1C542
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:092BD83A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A9562832
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A1FD5369
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:8318A814
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:67A91473
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5CE91C67
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2E928E6E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:23834E1E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:17EB5BAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:12D9D48F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EF0F3F33
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B6D84F71
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3651A580
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBF0842B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:B6E6C4EA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AAA06E15
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A6FE7BCC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:6757F885
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:641A21EA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5A5477A9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:19474103
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:09629F6E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:F817E159
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C2E091F5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C0BCE04B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B0A727D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A819A132
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:9254F782
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:8FC568E1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:65484F45
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:60E755E6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:48D6EA0F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3480F458
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:16A4620C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:FBA79096
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BD50071F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BACC4A79
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:AE8FDB48
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:AB0A5A80
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6212DF7A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:366EFA1A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:10B970A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:02172F27
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:94B25DF5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:8075370B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:37C279BE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:32AE8659
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2AD33723
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F1174C93
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EE2DD6CC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D434342F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CB3667AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B61767F5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B3196E8D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AD179392
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:952245B1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:759B7D6F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5D570144
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:40DA0795
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CCD8056E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C0D23A2F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:92CA7E75
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:79875988
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3969ACF7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2F7C40B6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:12D21A9A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:041C0562
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EE445D7C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EDB03249
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C7F08EA3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BDDA21B6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8DBCF585
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:84C34762
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5A068EE1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:244E4E3A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0E5CFA74
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F8C2E3B9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F7BF538D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:EDE28CFC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CC141B05
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C368C9EA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BF6C4AAC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AFC732F7
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:95D421DF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8A620099
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB584AA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:59A6876B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D348522
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:32A82570
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:195E8317
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0BACBDD9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CE506F23
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8B4C1181
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:762408BA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:71AEFFEB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4A5CFD3B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:46283136
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1999DD0A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:0C1258F3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FD4C7AD3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F1175E1D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C89D1773
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C5E2BAEE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:997DA6D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7BE5BAAB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:678C1866
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:3DB6F365
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DE875C30
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C48A983C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A6E01F67
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A5584049
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9968F0E2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7EB93F0E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:76682252
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4577F5B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0785072C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:04EAB86F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:04BC9A2C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D4558A0B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C0A9B815
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:639BB5E9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:596E2371
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:59540531
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:036AA5DD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E5496666
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1D06077
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:DF7A2D3E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D254266B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B2CCDB69
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:57DFBE4E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3ABC38E6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EB4FEEF5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B21F2857
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A13B696A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9524D821
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:574F975B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F3EFA8A8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EF0BD3A1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E4EE99EF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E265ED33
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D4DD372D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:BA05E0C4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A745DB5D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9E3D44B7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9C3AAD57
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4C528C86
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3D1D487A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E11D90D0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:BEACE4C8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:569CEE83
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3815BC84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:268BA8AB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F49868C8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F2E92DCD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B504E4C2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2F947175
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:183A9046
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C8207070
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:315B4A13
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:1234ADAE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C669F3E1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:9E05DEB0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:89CF6F9C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:834DD57E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:1DB77A89
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F135A76C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EDF12A30
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EC855C73
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:961B84C5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7D938C9B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:709E81D4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1FA4C06F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:18B241CC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EB68CA55
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A391510C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9E9A3410
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:72A1B66A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:57176330
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4C9782FB
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3E8A3E87
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1A8FDBA3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0E10B960
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:77B64C59
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:4DCAC4BC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EE69D7DF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:C9B27A06
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4F8B72C9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:0F38B460
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AED33A42
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:45F3AD49
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A5822A3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:D92485C9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:3D36932D
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:AD2DB2F9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:7B2BB690

< End of report >

Publicité

Signaler le contenu de ce document

Publicité