OTL logfile created on: 16/06/2011 19:40:20 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\moKa\Documents\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,98 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,32% Memory free
7,96 Gb Paging File | 6,29 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 400,29 Gb Free Space | 85,96% Space Free | Partition Type: NTFS
Computer Name: MOKA-PC | User Name: moKa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/16 19:29:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\moKa\Documents\Programme\OTL.exe
PRC - [2011/06/15 19:00:19 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/05/18 22:10:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/18 22:10:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/02/04 12:08:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/06/30 09:50:42 | 001,811,728 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
========== Modules (SafeList) ==========
MOD - [2011/06/16 19:29:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\moKa\Documents\Programme\OTL.exe
MOD - [2010/11/21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:
64bit: - [2011/05/01 10:16:00 | 000,420,864 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\x64\maconfservice.exe -- (maconfservice)
SRV:
64bit: - [2011/04/20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/06/14 22:24:13 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/18 22:10:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/18 22:10:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:
64bit: - [2011/04/20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:
64bit: - [2011/04/20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:
64bit: - [2011/04/13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:
64bit: - [2011/04/13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:
64bit: - [2011/03/30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:
64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2011/03/14 11:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:
64bit: - [2011/02/04 12:09:08 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:
64bit: - [2011/02/04 12:09:08 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:
64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:
64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:
64bit: - [2010/08/30 12:19:54 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand | Running] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV:
64bit: - [2010/06/01 17:28:10 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:
64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:
64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/05/28 11:07:14 | 000,376,848 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:
64bit: - [2009/05/28 11:07:14 | 000,061,712 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:
64bit: - [2008/10/01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:
64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:
64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2010/07/09 12:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
Vous devez être
connecté pour voir les liens.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 C9 CF 85 89 14 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2011/06/16 19:09:36 | 000,435,212 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14976 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\moKa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Enregistrement du produit.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
Vous devez être
connecté pour voir les liens.
(Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Vous devez être
connecté pour voir les liens.
(Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Vous devez être
connecté pour voir les liens.
(Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a11fedfd-7296-11e0-9a11-890e5efb88cf}\Shell - "" = AutoRun
O33 - MountPoints2\{a11fedfd-7296-11e0-9a11-890e5efb88cf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b3398e95-720a-11e0-8b99-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b3398e95-720a-11e0-8b99-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/16 19:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2011/06/16 19:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free
[2011/06/16 18:59:19 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Roaming\Avira
[2011/06/16 18:16:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/16 18:16:24 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/16 18:16:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/16 18:16:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/16 18:16:23 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/15 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\moKa\Desktop\Nouveau dossier
[2011/06/15 19:20:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/06/15 19:20:40 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/06/15 19:20:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/06/15 19:20:40 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/06/15 19:20:39 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/06/15 19:18:48 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/06/15 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/06/15 19:00:37 | 000,000,000 | ---D | C] -- C:\Users\moKa\Desktop\LeagueOfLegends
[2011/06/15 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Local\PMB Files
[2011/06/15 19:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/06/15 19:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/06/14 23:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/06/14 22:20:48 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/14 22:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/14 22:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/05/18 03:00:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/05/18 03:00:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/05/18 01:22:42 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Roaming\Macromedia
[2011/05/18 01:22:42 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Roaming\Adobe
[2011/05/18 01:22:33 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/18 01:22:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/05/18 00:09:58 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2011/05/18 00:09:58 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2011/05/18 00:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2011/05/18 00:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011/05/17 23:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/17 23:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/17 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Roaming\ATI
[2011/05/17 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Local\ATI
[2011/05/17 22:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/17 22:07:17 | 000,043,328 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys
[2011/05/17 22:07:17 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2011/05/17 22:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2011/05/17 22:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGEAR
[2011/05/17 22:06:26 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/05/17 22:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/05/17 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/05/17 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/05/17 22:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/05/17 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/05/17 22:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/05/17 22:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/05/17 22:04:59 | 000,000,000 | ---D | C] -- C:\ATI
[2011/05/17 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2011/05/17 21:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2011/05/17 20:41:41 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011/05/17 20:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/05/17 20:41:11 | 000,000,000 | ---D | C] -- C:\Intel
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2011/05/17 20:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2011/05/17 20:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2011/05/17 20:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2011/05/17 20:39:36 | 000,000,000 | ---D | C] -- C:\Users\moKa\AppData\Local\Downloaded Installations
[2011/05/17 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\moKa\Documents\Drivers
[2011/05/17 19:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2011/05/17 19:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ma-config.com
[2011/05/17 19:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\ma-config.com
========== Files - Modified Within 30 Days ==========
[2011/06/16 19:32:26 | 000,000,072 | ---- | M] () -- C:\Users\moKa\AppData\Roaming\burnaware.ini
[2011/06/16 19:18:37 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/06/16 19:09:36 | 000,435,212 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/16 18:50:15 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 18:50:15 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 18:47:19 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/16 18:47:19 | 000,694,766 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/06/16 18:47:19 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/16 18:47:19 | 000,127,478 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/06/16 18:47:19 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/16 18:43:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/16 18:42:50 | 3205,619,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 18:40:03 | 000,266,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 20:41:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/15 19:22:53 | 000,007,598 | ---- | M] () -- C:\Users\moKa\AppData\Local\Resmon.ResmonCfg
[2011/06/15 19:20:41 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Jouer à League of Legends.lnk
[2011/06/14 22:56:08 | 000,000,679 | ---- | M] () -- C:\Users\moKa\Desktop\moKa - Raccourci.lnk
[2011/06/14 22:24:03 | 629,258,240 | ---- | M] () -- C:\Users\moKa\Desktop\lfslivecd-x86_64-6.3-r2145.iso
[2011/06/14 22:20:48 | 000,001,788 | ---- | M] () -- C:\Users\moKa\Desktop\Counter-Strike Source.lnk
[2011/06/14 22:16:53 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/14 20:22:31 | 651,165,696 | ---- | M] () -- C:\Users\moKa\Desktop\mageia-livecd-1-GNOME-europe1-americas-cdrom-i586.iso
[2011/06/13 00:18:48 | 000,001,195 | ---- | M] () -- C:\Users\moKa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Enregistrement du produit.lnk
[2011/05/18 11:53:15 | 000,196,005 | ---- | M] () -- C:\Users\moKa\Desktop\CoursReseauEISTI.zip
[2011/05/18 01:22:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/18 00:09:58 | 000,001,100 | ---- | M] () -- C:\Users\moKa\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Wizard 2010.lnk
[2011/05/17 22:09:54 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/05/17 19:58:46 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Démarrer la détection.lnk
========== Files Created - No Company Name ==========
[2011/06/16 19:18:37 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/06/15 20:41:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/15 19:22:53 | 000,007,598 | ---- | C] () -- C:\Users\moKa\AppData\Local\Resmon.ResmonCfg
[2011/06/15 19:20:41 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Jouer à League of Legends.lnk
[2011/06/14 23:01:48 | 000,000,072 | ---- | C] () -- C:\Users\moKa\AppData\Roaming\burnaware.ini
[2011/06/14 22:56:08 | 000,000,679 | ---- | C] () -- C:\Users\moKa\Desktop\moKa - Raccourci.lnk
[2011/06/14 22:20:48 | 000,001,788 | ---- | C] () -- C:\Users\moKa\Desktop\Counter-Strike Source.lnk
[2011/06/14 22:16:53 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/14 21:37:28 | 629,258,240 | ---- | C] () -- C:\Users\moKa\Desktop\lfslivecd-x86_64-6.3-r2145.iso
[2011/06/14 20:18:37 | 651,165,696 | ---- | C] () -- C:\Users\moKa\Desktop\mageia-livecd-1-GNOME-europe1-americas-cdrom-i586.iso
[2011/06/13 00:18:48 | 000,001,195 | ---- | C] () -- C:\Users\moKa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Enregistrement du produit.lnk
[2011/05/18 11:53:12 | 000,196,005 | ---- | C] () -- C:\Users\moKa\Desktop\CoursReseauEISTI.zip
[2011/05/18 00:09:58 | 000,001,100 | ---- | C] () -- C:\Users\moKa\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Wizard 2010.lnk
[2011/05/17 22:09:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/17 20:41:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2011/05/17 19:58:46 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Démarrer la détection.lnk
[2011/05/05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/06/16 18:42:50 | 3205,619,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 18:43:03 | 4274,163,712 | -HS- | M] () -- C:\pagefile.sys
< %SYSTEMDRIVE%\*.exe >
< %PROGRAMFILES%\*.* >
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %PROGRAMFILES%\*. >
[2011/05/17 22:06:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2011/05/17 22:05:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/05/17 14:53:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2011/06/16 19:18:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BurnAware Free
[2011/06/14 23:08:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/05/18 00:09:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CPUID
[2011/06/15 19:18:47 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/05/17 20:41:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/06/16 18:39:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/04/29 22:27:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/04/29 21:35:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2011/05/17 19:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/17 21:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Marvell
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/05/17 22:08:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NETGEAR
[2011/06/16 18:44:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opera
[2011/06/15 19:00:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/05/17 20:40:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Renesas Electronics
[2011/06/16 19:07:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/14 22:13:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2011/06/16 18:43:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009/07/14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/05/17 18:50:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/11/21 08:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/11/21 08:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 08:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 08:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/21 05:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 08:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: APPMGMTS.DLL >
[2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) MD5=4ABA3E75A76195A3E38ED2766C962899 -- C:\Windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0\appmgmts.dll
[2009/07/14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll
< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: BEEP.SYS >
[2009/07/14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: HIDSERV.DLL >
[2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\SysWOW64\hidserv.dll
[2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\winsxs\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_3cf5e466d58070d9\hidserv.dll
[2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=BD9EB3958F213F96B97B1D897DEE006D -- C:\Windows\SysNative\hidserv.dll
[2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=BD9EB3958F213F96B97B1D897DEE006D -- C:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede\hidserv.dll
< MD5 for: IASTOR.SYS >
[2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Users\moKa\Documents\Drivers\f6flpy-x64_10.5.0.1027\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
< MD5 for: IMM32.DLL >
[2010/11/21 05:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=A6F09E5669D9A19035F6D942CAA15882 -- C:\Windows\SysWOW64\imm32.dll
[2010/11/21 05:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=A6F09E5669D9A19035F6D942CAA15882 -- C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
[2009/07/14 03:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=AA2C08CE85653B1A0D2E4AB407FA176C -- C:\Windows\SysNative\imm32.dll
[2009/07/14 03:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=AA2C08CE85653B1A0D2E4AB407FA176C -- C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
< MD5 for: KERNEL32.DLL >
[2010/11/21 05:24:07 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\SysNative\kernel32.dll
[2010/11/21 05:24:07 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2010/11/21 05:24:15 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\SysWOW64\kernel32.dll
[2010/11/21 05:24:15 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
< MD5 for: MSWSOCK.DLL >
[2010/11/21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
< MD5 for: NDIS.SYS >
[2010/11/21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010/11/21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NTFS.SYS >
[2010/11/21 05:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\SysNative\drivers\ntfs.sys
[2010/11/21 05:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
< MD5 for: NVSTOR.SYS >
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: PROQUOTA.EXE >
[2010/11/21 05:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe
[2010/11/21 05:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2010/11/21 05:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe
[2010/11/21 05:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe
< MD5 for: QMGR.DLL >
[2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
< MD5 for: SCECLI.DLL >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SPOOLSV.EXE >
[2010/11/21 05:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SysNative\spoolsv.exe
[2010/11/21 05:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TERMSRV.DLL >
[2010/11/21 05:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\SysNative\termsrv.dll
[2010/11/21 05:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: VOLSNAP.SYS >
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
< MD5 for: WININET.DLL >
[2011/04/22 21:10:01 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=2CA020EACDC6DDB2BEA89FEA02C90945 -- C:\Windows\SysWOW64\wininet.dll
[2011/04/22 21:10:01 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=2CA020EACDC6DDB2BEA89FEA02C90945 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[2011/04/23 00:08:29 | 001,188,864 | ---- | M] (Microsoft Corporation) MD5=2DCA688631F71722B0B5E57F526BB2EB -- C:\Windows\SysNative\wininet.dll
[2011/04/23 00:08:29 | 001,188,864 | ---- | M] (Microsoft Corporation) MD5=2DCA688631F71722B0B5E57F526BB2EB -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_7ad111182f6f29d5\wininet.dll
[2010/11/21 05:24:08 | 000,980,992 | ---- | M] (Microsoft Corporation) MD5=44214C94911C7CFB1D52CB64D5E8368D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[2011/04/22 21:51:33 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7A11DB452989040AD8570A3DCE2E9DE2 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[2011/04/22 21:51:18 | 001,189,376 | ---- | M] (Microsoft Corporation) MD5=BC661E59AE2BC840C6D8165F170DE7DE -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_7b4eddad4895cc39\wininet.dll
[2010/11/21 05:23:55 | 001,188,864 | ---- | M] (Microsoft Corporation) MD5=F6C5302E1F4813D552F41A0AC82455E5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
< MD5 for: WININIT.EXE >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010/11/21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010/11/21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< c:\$recycle.bin\*.* /s >
[2011/06/15 20:43:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$I25W76M
[2011/06/14 22:36:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$I2GXFTG.lnk
[2011/06/14 22:23:27 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$I2O8HYK.lnk
[2011/06/16 18:28:23 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$I4SL93C.zip
[2011/06/14 22:36:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$I5DQA72.lnk
[2011/06/16 18:19:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$II8S8IV.mkv
[2011/06/14 22:36:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$IIMLQPO.lnk
[2011/06/14 22:36:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$IJHLQXZ.lnk
[2011/06/14 22:23:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$IJQGN5N.lnk
[2011/05/17 18:48:01 | 000,000,887 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R2GXFTG.lnk
[2011/06/14 22:20:48 | 000,001,788 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R2O8HYK.lnk
[2011/06/15 20:43:47 | 085,545,007 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R4SL93C.zip
[2011/05/18 22:01:57 | 000,001,100 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R5DQA72.lnk
[2011/06/15 19:59:33 | 395,318,777 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$RI8S8IV.mkv
[2011/05/18 22:04:38 | 000,003,125 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$RIMLQPO.lnk
[2011/05/18 00:03:05 | 000,000,954 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$RJHLQXZ.lnk
[2011/06/14 22:20:48 | 000,001,790 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$RJQGN5N.lnk
[2011/04/28 22:52:07 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\desktop.ini
[2011/06/15 20:00:34 | 009,222,742 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0025.NEF
[2011/06/15 20:00:46 | 009,445,026 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0026.NEF
[2011/06/15 20:00:48 | 009,758,905 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0027.NEF
[2011/06/15 20:00:52 | 009,730,541 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0028.NEF
[2011/06/15 20:00:56 | 009,770,038 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0029.NEF
[2011/06/15 20:00:58 | 009,728,225 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0030.NEF
[2011/06/15 20:01:22 | 009,674,479 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0031.NEF
[2011/06/15 20:01:30 | 009,486,270 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0032.NEF
[2011/06/15 20:01:40 | 009,439,248 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3678398753-2559943332-3622990208-1000\$R25W76M\DSC_0033.NEF
< End of report >