
[Solved] My email contacts are receiving links that I am not sending



Posted (edited)

Hello everyone,

Yes, I do believe I have a problem with my mailbox (among other things, I think...). For some time now, all my contacts have been receiving emails that come from my address but that I did not send. Here is one of the emails:

 

Most Endorsed FREE Website Hosting Provider | Account Suspended

Can I work and at the same time enjyo my time wiht my kiid?

 

or this one:

 

Most Endorsed FREE Website Hosting Provider | Account Suspended

Guaratneed!

 

And on my side, I receive about as many (I think, I haven't counted them...) messages of the Delivery Status Notification (Failure) type:

 

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

rossfireman@aol.com

 

Except that I don't know rossfireman@aol.com, and it's the same for all the emails; the address is different every time.

It's starting to annoy my friends a bit. I don't know whether it will be useful, but in case it saves time, here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:00:00, on 21/02/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

F:\Téléchargements\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?163d4499f45c42a6a48e09a33d4aee2b

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?163d4499f45c42a6a48e09a33d4aee2b

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: Secuser.com - Sécurité informatique et protection de la vie privée

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

 

--

End of file - 12929 bytes

 

 

Hoping that someone can help me, I wish you good luck, and thanks in advance to those who will look into this.

Edited by NeoKyrA

Posted

Hello NeoKyrA,

 


Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button, choosing "Immediate notification" => "Submit"; you will be notified in real time of the replies to your topic and, as a result, your machine will be cleaned as quickly as possible.

- Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: please do NOT use, install and/or uninstall any program apart from those proposed at each step, in order to avoid any incompatibility problem between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Download and save the utilities DIRECTLY to the Desktop, or move them there right afterwards (right-click on them => "Cut", then right-click on the Desktop => "Paste").
    Some programs can cause problems if they are not launched from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the given order and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the machine's behavior or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I don't need to re-read my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, color, etc.).

Print these instructions or save them in a text file on the Desktop so you can consult them easily at any time, and download to the Desktop:

  • CCleaner (if you don't already have it) from here.
  • Malwarebytes Anti-Malware from here.
  • Rkill (by Grinler) from one of these links:
  • Security Check (by screen317) from here or here.

>>> Launch "CCleaner" by clicking its icon on the Desktop or by clicking "Start" => "All Programs" => "CCleaner".

In the main window, tick the boxes as shown here (other boxes may be ticked by those who have mastered the tool): cclean-fr1.png

Click "Cleaner" on the left, then "Analyze" on the right, and let it run.

Click "Clean" when it is ready, as many times as there are still items in the box on the right.

Do not use the "Registry" button (on the left) during the disinfection.

>>> Use Rkill: Double-click the Rkill file. Its only role is to disable (until the PC is next restarted) certain malware processes in order to unblock the use of the disinfection programs.

- If the first downloaded file does not work, try another one.

- If for any reason the PC has to be restarted before the end of these steps, accept and run Rkill again.

- I don't need to see the report it produces.

>>> Use Malwarebytes' Anti-Malware: Close everything and double-click mbam-setup.exe (on Vista/Windows 7, right-click it => "Run as administrator"). Follow the prompts, leaving everything at its default. Click Finish without changing anything.

- Launch the program from its icon on the desktop or from "Start" => "All Programs" => "Malwarebytes' Anti-Malware".

- Run the updates from the tab of the same name. If there is a problem with the automatic updates, click HERE to download and install them manually.

- In the "Scanner" tab, leave the "Perform quick scan" box ticked and click "Scan".

mb3.jpg

Wait until the end (the message below is displayed)

mb4.jpg

Click OK to close this message.

- Click "Show Results", then make sure everything is ticked and click "Remove Selected".

The program then carries out the cleanup. If it asks you to restart the PC, ACCEPT (this is to delete certain specific files).

At the end a report is displayed (accessible at any time from the Report/Logs tab of the MBAM main window). Post its contents in your next reply.

>>> Use SecurityCheck: Close everything and double-click "SecurityCheck.exe" to launch the program.

Press a key as requested and follow the prompts.

Note: If one of the security programs asks for permission to access the Internet from dig.exe, accept.

The checkup.txt report opens at the end. Post its contents.

This report will not be saved automatically. If you want to keep a copy, click "File" => "Save As", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its contents.

Requested reports:

  • Malwarebytes Anti-Malware log
  • checkup.txt

Posted

Hi Lance_yien, first of all thank you for replying so quickly and for looking into my topic. As requested, here are the results obtained:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 5838

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

22/02/2011 15:27:22

mbam-log-2011-02-22 (15-27-21).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 167034

Temps écoulé: 19 minute(s), 51 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 10

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

c:\documents and settings\iowa\application data\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

c:\WINDOWS\system32\meqky_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\meqky_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\local settings\application data\hbbded_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\local settings\application data\hbbded_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\registrysmart scheduled scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\application data\registrysmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\application data\registrysmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\application data\registrysmart\Log\2007 jul 05 - 03_44_52 am_937.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

c:\documents and settings\iowa\application data\registrysmart\Log\2007 jul 05 - 03_45_10 am_000.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

 

Checkup:

 

Results of screen317's

 

Security Check version 0.99.8

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

 

AVG Free 9.0

OneCare Advisor (Windows

 

Live Toolbar)

```````````````````````````````

Anti-malware/Other Utilities

 

Check:

Ad-Aware

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 23

Adobe Flash Player

 

10.2.152.26

Adobe Reader 7.1.0 - Français

Out of date

 

Adobe Reader installed!

 

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware

 

AAWTray.exe is disabled!

 

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

 

 

I hope I have answered as you expected. Thanks again.

Posted

Malwarebytes' Anti-Malware removed quite a few things. Let's dig deeper!

 

Print these instructions or save them in a text file on the Desktop so you can consult them easily at any time.

>>> Online scan: Insert and switch on all removable media that may have been in contact with this machine (USB sticks, external hard drives, etc.).

Close all open applications, disable all protection programs (antivirus, firewall, antispyware...) and be sure to use Internet Explorer to go HERE.

  • Click the Accept button and install all the necessary components offered.
  • When the download/installation of the necessary files has finished, under the Scan section (on the left), select My Computer kasper_online1.png
    This starts the scan, which can take quite a long time depending on the machine and the degree of infection. Let it run.
  • At the end, click View scan report, then Save Report as.
  • Change the "Save as type" to Text file.
    Click Desktop (on the left), name it "scan-results" and click "Save" (on the right).

>>> Use OTL: Download OTL (by OldTimer) to the Desktop from here or here.

Close all open applications and windows and double-click OTL.exe.

Copy/paste these lines (starting with netsvcs) into the space under "Custom Scans/Fixes":

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Without changing anything, click the blue Run Scan button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy/paste the contents of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

Requested reports:

  • scan-results
  • OTL.txt
  • Extras.txt

Posted

Argh, problem...

When I am on Kaspersky Online Scanner, the site seems to check something on my PC (the Accept "button" is not active), and after a few seconds this message is displayed: Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later. Yet I'm fairly sure I disabled everything, I updated IE, and reinstalled the latest version of Java at least 5 or 6 times using the link given by Kaspersky Online Scanner... in vain... the same message keeps coming back and I cannot continue the procedure. I'm starting to get tired now, so I'm giving up for tonight.

Posted (edited)

Hello NeoKyrA,

Are you sure you used Internet Explorer and not another browser such as Firefox? If so, drop the online scan and carry on with the rest.

As for the Accept button problem, it occurs under Internet Explorer 7, which does not seem to be your case according to your reports. To see it, click the magnifying glass at the bottom right of the window and select 75% (don't forget to set it back to 100% once the license has been accepted).

Edited by lance_yien

Posted

Hi Lance_yien,

Yep, I did use Internet Explorer; I tried again but it's still the same... the Accept button does not become highlighted and I am supposed to install Java, which normally is already done... anyway, moving on, so here is the first report:

 

 

OTL logfile created on: 24/02/2011 01:51:00 - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\iowa\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

446,00 Mb Total Physical Memory | 172,00 Mb Available Physical Memory | 39,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38,28 Gb Total Space | 1,09 Gb Free Space | 2,84% Space Free | Partition Type: NTFS

Drive F: | 54,88 Gb Total Space | 36,45 Gb Free Space | 66,42% Space Free | Partition Type: NTFS

 

Computer Name: YOUR-A734457C79 | User Name: iowa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/02/24 01:26:05 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\iowa\Bureau\OTL.exe

PRC - [2010/12/15 14:10:43 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2010/11/24 14:01:33 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/11/24 13:52:44 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/09/28 08:30:12 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/07/16 12:17:22 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/07/16 12:16:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/07/16 12:16:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/11/15 21:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe

PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/01/30 18:36:14 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe

PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/11 07:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2007/10/11 07:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2007/10/11 07:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe

PRC - [2005/08/10 10:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

PRC - [2005/07/07 23:13:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

PRC - [2005/04/11 16:08:00 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/02/24 01:26:05 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\iowa\Bureau\OTL.exe

MOD - [2011/02/23 15:11:33 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\iowa\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

MOD - [2008/04/13 18:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll

MOD - [2007/02/05 14:39:22 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll

MOD - [2003/10/03 12:21:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2010/12/15 14:11:06 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2010/12/15 14:10:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010/12/15 14:10:43 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2010/07/16 12:16:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2007/10/11 07:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2005/08/10 10:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

SRV - [2005/07/07 23:13:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2010/12/15 14:10:46 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2010/07/16 12:17:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/07/16 12:16:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/06/03 08:23:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/05/31 11:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2010/05/31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

DRV - [2007/11/12 05:17:55 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2007/11/02 11:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdm.sys -- (s916mdm)

DRV - [2007/11/02 11:47:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mgmt.sys -- (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM)

DRV - [2007/11/02 11:47:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916obex.sys -- (s916obex)

DRV - [2007/11/02 11:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)

DRV - [2007/11/02 11:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdfl.sys -- (s916mdfl)

DRV - [2006/11/24 18:54:56 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt)

DRV - [2006/11/24 18:54:56 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)

DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV - [2005/11/30 11:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)

DRV - [2005/11/19 02:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2005/11/15 17:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/11/11 00:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/10/20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)

DRV - [2005/09/12 19:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/08/01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005/08/01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005/08/01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005/08/01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005/08/01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005/08/01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005/08/01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/07/28 03:30:00 | 000,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2005/07/07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/07/07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005/07/07 05:10:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2005/03/04 19:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004/11/29 19:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004/11/25 17:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2004/10/28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2004/10/14 23:14:04 | 000,185,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)

DRV - [2004/05/13 14:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004/05/13 12:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004/01/21 02:14:46 | 000,005,915 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)

DRV - [2004/01/21 02:14:42 | 000,271,360 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) Labtec WebCam Pro(PID_08A0)

DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2003/09/10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)

DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003/06/02 15:28:02 | 000,040,060 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulink.sys -- (Usblink)

DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

DRV - [2002/09/16 17:07:24 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)

DRV - [2002/07/17 09:05:10 | 000,016,512 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = MSN.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Google Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 79 C5 AC 67 D3 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.ecofree.org/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872

FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - prefs.js..keyword.URL: "http://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 13:56:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/29 01:00:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/03 18:08:49 | 000,000,000 | ---D | M]

 

[2008/12/20 21:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Extensions

[2011/02/23 00:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions

[2010/08/22 13:18:50 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2010/05/30 22:38:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/05 10:42:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/22 13:19:02 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

[2010/09/10 18:02:41 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

[2011/02/23 03:21:23 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\searchplugins\bing.xml

[2011/02/22 01:50:47 | 000,001,425 | ---- | M] () -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\searchplugins\ecofreeorg---france.xml

[2007/07/24 13:56:37 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\searchplugins\LiveSearch.xml

[2011/02/23 03:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2007/05/14 10:31:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/01/03 18:08:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/23 03:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2010/11/24 13:56:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX

[2011/02/23 03:05:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/02/23 03:05:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/10/21 13:09:54 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/10/21 13:09:54 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/10/21 13:09:54 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2006/09/10 12:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml

[2010/10/21 13:09:55 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/10/21 13:09:55 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found

O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll (Giganology Inc.)

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)

O4 - Startup: C:\Documents and Settings\iowa\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]

O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getAllurl.htm ()

O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm ()

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui (Microsoft Corporation)

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui (Microsoft Corporation)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: secuser.com ([www] http in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\iowa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\iowa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/12/09 07:03:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{043a218d-f1d2-11db-a3fc-0011f5df645d}\Shell\Auto\command - "" = RavMonE.exe e

O33 - MountPoints2\{043a218d-f1d2-11db-a3fc-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

O33 - MountPoints2\{14f3f19a-294d-11df-a95c-0011f5df645d}\Shell\AutoRun\command - "" = SamsungSoftware\APPInst.exe

O33 - MountPoints2\{231bbb28-ff9c-11db-a427-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{231bbb28-ff9c-11db-a427-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{3efff826-2633-11de-a7d2-0011f5df645d}\Shell\Auto\command - "" = E:\AdobeR.exe e

O33 - MountPoints2\{3efff826-2633-11de-a7d2-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell - "" = AutoRun

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell\1\Command - "" = RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell\2\Command - "" = RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{65f340a6-6e78-11dc-a51c-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{65f340a6-6e78-11dc-a51c-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{82ec2860-fc02-11da-a087-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{82ec2860-fc02-11da-a087-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\Shell\AutoRun\command - "" = cold\hott\raidhost.exe

O33 - MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\Shell\Explore\Command - "" = cold\hott\raidhost.exe

O33 - MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\Shell\open\command - "" = cold\hott\raidhost.exe

O33 - MountPoints2\{8df0509e-a182-11db-a2e9-0011f5df645d}\Shell\Auto\command - "" = E:\AdobeR.exe e

O33 - MountPoints2\{8df0509e-a182-11db-a2e9-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{91021662-abe3-11dc-a593-0011f5df645d}\Shell\Auto\command - "" = G:\AdobeR.exe e

O33 - MountPoints2\{91021662-abe3-11dc-a593-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{a262d41e-0ea5-11e0-aa8e-0011f5df645d}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe

O33 - MountPoints2\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\Shell\Auto\command - "" = E:\AdobeR.exe e

O33 - MountPoints2\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{eb802be6-0d32-11dc-a458-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{eb802be6-0d32-11dc-a458-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{f00c7b60-da11-11da-9ff5-0011f5df645d}\Shell\AutoRun\command - "" = .pspware\PSPWareLauncher.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()

Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183528496136192)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/24 01:25:59 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\iowa\Bureau\OTL.exe

[2011/02/23 03:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iowa\Menu Démarrer\Programmes\Accessoires

[2011/02/23 03:41:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/02/23 03:05:46 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/02/23 03:05:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/02/23 03:05:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/02/23 03:05:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/02/23 02:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iowa\Application Data\PriceGong

[2011/02/23 01:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine

[2011/02/23 01:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2011/02/22 15:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iowa\Application Data\Malwarebytes

[2011/02/22 14:59:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/02/22 14:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/02/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/02/22 14:59:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/02/22 14:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/02/22 14:52:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\iowa\Recent

[2011/02/22 14:03:21 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\iowa\Bureau\mbam-setup.exe

[2011/02/07 22:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner

[2011/02/07 21:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance

[2011/02/07 21:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iowa\Local Settings\Application Data\Microsoft Corporation

[2011/02/07 20:05:40 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe

[2008/03/26 22:00:31 | 009,085,384 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp552_full_emusic-7plus_fr-fr.exe

[2005/12/09 10:02:57 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 F:\*.tmp files -> F:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/24 01:26:05 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\iowa\Bureau\OTL.exe

[2011/02/23 21:25:23 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011/02/23 15:24:40 | 071,633,245 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2011/02/23 15:10:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/02/23 15:10:28 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys

[2011/02/23 06:06:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/02/23 03:58:00 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\iowa\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk

[2011/02/23 03:34:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/02/23 03:21:24 | 000,001,081 | ---- | M] () -- C:\Documents and Settings\iowa\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk

[2011/02/23 03:05:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/02/23 03:05:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/02/23 03:05:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/02/23 03:05:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/02/23 03:05:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/02/22 14:59:44 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/02/22 14:09:02 | 000,879,047 | ---- | M] () -- C:\Documents and Settings\iowa\Bureau\SecurityCheck.exe

[2011/02/22 14:08:43 | 000,721,253 | ---- | M] () -- C:\Documents and Settings\iowa\Bureau\rkill.exe

[2011/02/22 14:05:34 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\iowa\Bureau\mbam-setup.exe

[2011/02/19 19:35:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/02/10 13:01:53 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/02/10 02:20:29 | 000,191,253 | ---- | M] () -- C:\Documents and Settings\iowa\Bureau\les-simpsons.jpg

[2011/02/07 22:14:40 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2011/02/07 20:01:30 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe

[2011/01/25 16:43:38 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\iowa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 F:\*.tmp files -> F:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/02/23 03:58:00 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\iowa\Menu Démarrer\Programmes\Internet Explorer.lnk

[2011/02/23 03:44:55 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/02/23 03:21:24 | 000,001,081 | ---- | C] () -- C:\Documents and Settings\iowa\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk

[2011/02/22 14:59:44 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/02/22 14:08:49 | 000,879,047 | ---- | C] () -- C:\Documents and Settings\iowa\Bureau\SecurityCheck.exe

[2011/02/22 14:08:30 | 000,721,253 | ---- | C] () -- C:\Documents and Settings\iowa\Bureau\rkill.exe

[2011/02/10 02:20:21 | 000,191,253 | ---- | C] () -- C:\Documents and Settings\iowa\Bureau\les-simpsons.jpg

[2011/02/07 22:14:39 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2011/01/25 16:43:38 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\iowa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/02 19:05:33 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/01 00:57:34 | 000,039,712 | ---- | C] () -- C:\WINDOWS\System32\ASL.dll

[2010/05/17 00:31:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI

[2010/05/16 20:51:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/02/10 12:24:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2010/01/21 20:41:41 | 000,003,247 | ---- | C] () -- C:\Documents and Settings\iowa\Local Settings\Application Data\hbbded.dat

[2009/11/28 01:12:54 | 000,038,434 | ---- | C] () -- C:\Documents and Settings\iowa\Local Settings\Application Data\kpaqca.exe

[2008/12/02 23:41:44 | 014,618,605 | ---- | C] () -- C:\Program Files\vlc-0.9.6-win32.exe

[2008/10/10 16:39:26 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI

[2008/06/17 11:26:50 | 000,105,234 | ---- | C] () -- C:\Program Files\gwsetup.zip

[2008/06/10 17:46:04 | 002,202,112 | ---- | C] () -- C:\Program Files\setup.exe

[2008/06/10 17:46:04 | 000,000,305 | ---- | C] () -- C:\Program Files\AIDE.txt

[2008/04/24 11:31:11 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll

[2008/04/24 11:31:11 | 000,827,392 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll

[2008/04/24 11:31:11 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll

[2008/04/24 11:31:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll

[2008/04/24 11:31:10 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll

[2008/04/24 11:31:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EvrcDecDll.dll

[2008/04/24 11:31:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll

[2008/04/09 13:23:18 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll

[2008/04/09 13:23:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2007/11/18 22:51:14 | 003,534,848 | ---- | C] () -- C:\WINDOWS\System32\engine.dll

[2007/11/12 05:17:54 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2007/10/24 21:55:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\Mr-Gooochie.Ini

[2007/10/24 14:29:11 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\CBMSchpr.dll

[2007/09/16 16:50:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2007/09/11 18:20:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2007/08/04 21:35:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/04/07 18:28:56 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll

[2007/04/06 16:43:24 | 000,012,208 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/04/06 16:43:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7B84DB5851.sys

[2007/04/06 16:40:51 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2007/04/06 16:40:51 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL

[2007/04/06 16:40:51 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2007/04/06 16:40:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL

[2007/04/06 16:40:51 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL

[2007/04/03 10:09:47 | 000,000,052 | ---- | C] () -- C:\WINDOWS\dial-messenger.ini

[2007/02/05 14:47:48 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/02/05 14:47:48 | 000,016,704 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/05 14:47:40 | 000,016,042 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2006/12/27 15:20:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL

[2006/11/24 18:54:56 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys

[2006/11/24 18:54:56 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys

[2006/11/10 16:31:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI

[2006/09/07 19:48:38 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\iowa\Application Data\wklnhst.dat

[2006/08/31 18:39:50 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2006/08/31 18:39:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2006/08/02 00:23:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2006/06/15 12:26:52 | 000,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys

[2006/05/22 13:21:39 | 000,000,018 | ---- | C] () -- C:\WINDOWS\cnc.ini

[2006/05/22 12:09:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\gfscore.ini

[2006/05/22 12:07:53 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini

[2006/05/22 12:00:37 | 000,000,087 | ---- | C] () -- C:\WINDOWS\chiffres.ini

[2006/05/22 10:10:20 | 000,000,179 | ---- | C] () -- C:\WINDOWS\cncscore.ini

[2006/05/22 10:01:31 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw

[2006/05/04 20:28:39 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2

[2006/04/25 22:18:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI

[2006/04/25 22:18:24 | 000,000,355 | ---- | C] () -- C:\WINDOWS\BeatBox.INI

[2006/04/25 20:33:31 | 000,000,263 | ---- | C] () -- C:\WINDOWS\musicmaker.INI

[2006/04/25 20:27:15 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll

[2006/04/25 20:21:56 | 000,002,813 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2006/04/25 19:26:20 | 000,202,240 | ---- | C] () -- C:\Documents and Settings\iowa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/04/25 15:38:53 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\iowa\Local Settings\Application Data\fusioncache.dat

[2005/12/09 11:59:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/12/09 11:18:05 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/12/09 10:25:35 | 000,000,270 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/12/09 10:15:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/12/09 10:15:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/12/09 10:15:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/12/09 10:15:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/12/09 10:15:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/12/09 10:15:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/12/09 10:13:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2005/12/09 10:08:08 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys

[2005/12/09 10:08:08 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2005/12/09 10:02:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll

[2005/12/09 10:01:13 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2005/12/09 10:01:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2005/12/09 10:01:13 | 000,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2005/12/09 10:01:13 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2005/12/09 09:56:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005/12/09 07:55:52 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/12/09 07:06:09 | 000,000,931 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/12/09 06:49:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll

[2005/12/09 06:49:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/11 22:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/03/14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2004/10/12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2004/10/12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2004/10/12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2004/10/09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2004/10/05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2003/11/08 20:16:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SAA.dll

[2003/09/25 18:48:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SAAPlug.dll

[2003/04/01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/12/02 16:00:55 | 000,285,696 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010/11/12 03:39:42 | 000,001,024 | ---- | M] () -- C:\.rnd

[2006/12/04 19:11:40 | 000,000,040 | ---- | M] () -- C:\Auth.prof

[2005/12/09 07:03:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/07/01 00:16:26 | 000,608,256 | ---- | M] () -- C:\blackra1n.exe

[2010/07/01 00:47:21 | 000,000,064 | ---- | M] () -- C:\blackra1n.log

[2009/07/27 20:09:41 | 000,000,216 | RHS- | M] () -- C:\boot.ini

[2004/08/05 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2005/12/09 07:03:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/06/30 04:29:15 | 000,000,000 | ---- | M] () -- C:\conmgr.log

[2011/02/23 15:10:28 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys

[2005/12/09 07:03:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/12/30 03:07:38 | 000,000,000 | ---- | M] () -- C:\log_lobby.txt

[2008/12/30 03:07:38 | 000,000,000 | ---- | M] () -- C:\log_lobby_dumper.txt

[2005/12/09 07:03:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2006/05/04 20:28:46 | 000,000,016 | -H-- | M] () -- C:\mxfilerelatedcache.mxc2

[2004/08/05 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/10/15 14:20:25 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2011/02/23 15:10:26 | 701,767,680 | -HS- | M] () -- C:\pagefile.sys

[2007/09/11 16:46:57 | 000,005,173 | ---- | M] () -- C:\resultat.txt

[2011/02/22 14:56:33 | 000,000,405 | ---- | M] () -- C:\rkill.log

[2009/02/04 21:27:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2007/05/01 21:34:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2007/05/02 05:20:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2007/05/02 10:52:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2007/08/19 23:30:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2007/08/20 18:30:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2007/08/20 23:47:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2007/08/21 18:18:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2007/08/21 21:34:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2007/08/22 12:07:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2007/08/22 18:09:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2007/08/22 22:16:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2007/08/23 11:23:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2007/08/24 14:47:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2007/09/02 01:29:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2007/09/05 03:57:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm

[2008/02/14 17:15:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2008/02/29 15:26:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2008/08/09 12:48:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2009/02/04 21:24:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/02/04 21:27:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2007/05/01 21:34:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2007/05/02 05:20:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2007/05/02 10:52:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2007/08/19 23:30:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2007/08/20 18:30:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2007/08/20 23:47:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2007/08/21 18:18:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2007/08/21 21:34:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2007/08/22 12:07:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2007/08/22 18:09:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2007/08/22 22:16:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2007/08/23 11:23:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2007/08/24 14:47:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2007/09/02 01:29:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2007/09/05 03:57:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2008/02/14 17:15:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2008/02/29 15:26:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2008/08/09 12:48:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2009/02/04 21:24:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2005/12/16 14:30:57 | 000,000,176 | -H-- | M] () -- C:\SWSTAMP.TXT

[2009/01/15 05:46:22 | 000,139,284 | ---- | M] () -- C:\wmdm.log

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2005/12/09 07:54:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2005/12/09 07:54:27 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2005/12/09 07:54:26 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-23 05:06:38

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VSFilter.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSBWLS.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPwrReg.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPSMainCtl.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPSMain.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPSBattM.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPeculiarity.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TOSCDSPD.cpl:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TCtrlIO.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TCtrlCommon.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TCMSVR.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPFcs.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sstunst2.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sstunins.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RTSndMgr.Cpl:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RealMediaSplitter.ax:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qttask.exe:KAVICHS


@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PlugPlayPCIDevice.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi00C.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd00C.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLPERF.INI:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLPERF.H:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OptimFROG.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Oemdspif.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Npindeo.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml4a.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPRPFR.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mgxoschk.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mgxcdr.txt:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mgxasio.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCFirstRemove.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42FRA.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40loc.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciqtz.drv:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LVUI2RC.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LVUI2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lvkrn12n.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LVComS.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LVComC.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lvcoinst.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lvcoinst.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lvcodec2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltscr12n.ocx:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltocx12n.ocx:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LoopyMusic.wav:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_04-b05.log:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Iyvu9_32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeW7.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizePX.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeP6.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeM6.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InstallInf.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INETWH32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\indounin.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hxltcolor.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HtmlWH.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlp95en.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HdAudRes.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HdAShCut.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HdAProp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GplMpgDec.ax:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gplmpg.reg:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ffdshow.en:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ffdshow.ax.manifest:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ff_x264.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ff_wmv9.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ff_theora.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ff_mpeg2enc.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxtmsft3.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dtsac3source.ax:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drv2.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drv1.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\StMp3Rec.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RTHDAEQ1.dat:KAVICHS

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RTHDAEQ0.dat:KAVICHS

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59756FA4

 

< End of report >

Posted

And the second one:

 

OTL Extras logfile created on: 24/02/2011 01:51:00 - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\iowa\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

446,00 Mb Total Physical Memory | 172,00 Mb Available Physical Memory | 39,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38,28 Gb Total Space | 1,09 Gb Free Space | 2,84% Space Free | Partition Type: NTFS

Drive F: | 54,88 Gb Total Space | 36,45 Gb Free Space | 66,42% Space Free | Partition Type: NTFS

 

Computer Name: YOUR-A734457C79 | User Name: iowa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AAW2007] -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe /scanfolder "%1" (Lavasoft AB)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"16637:TCP" = 16637:TCP:*:Enabled:NortonAV

"14750:TCP" = 14750:TCP:*:Enabled:NortonAV

"14387:TCP" = 14387:TCP:*:Enabled:NortonAV

"17304:TCP" = 17304:TCP:*:Enabled:NortonAV

"18742:TCP" = 18742:TCP:*:Enabled:NortonAV

"18974:TCP" = 18974:TCP:*:Enabled:NortonAV

"17816:TCP" = 17816:TCP:*:Enabled:NortonAV

"12960:TCP" = 12960:TCP:*:Enabled:NortonAV

"18015:TCP" = 18015:TCP:*:Enabled:NortonAV

"13543:TCP" = 13543:TCP:*:Enabled:NortonAV

"12934:TCP" = 12934:TCP:*:Enabled:NortonAV

"15334:TCP" = 15334:TCP:*:Enabled:NortonAV

"14458:TCP" = 14458:TCP:*:Enabled:NortonAV

"13981:TCP" = 13981:TCP:*:Enabled:NortonAV

"13110:TCP" = 13110:TCP:*:Enabled:NortonAV

"17838:TCP" = 17838:TCP:*:Enabled:NortonAV

"18070:TCP" = 18070:TCP:*:Enabled:NortonAV

"17264:TCP" = 17264:TCP:*:Enabled:NortonAV

"13176:TCP" = 13176:TCP:*:Enabled:NortonAV

"18866:TCP" = 18866:TCP:*:Enabled:NortonAV

"18063:TCP" = 18063:TCP:*:Enabled:NortonAV

"18952:TCP" = 18952:TCP:*:Enabled:NortonAV

"18480:TCP" = 18480:TCP:*:Enabled:NortonAV

"15441:TCP" = 15441:TCP:*:Enabled:NortonAV

"13552:TCP" = 13552:TCP:*:Enabled:NortonAV

"14838:TCP" = 14838:TCP:*:Enabled:NortonAV

"12380:TCP" = 12380:TCP:*:Enabled:NortonAV

"18021:TCP" = 18021:TCP:*:Enabled:NortonAV

"15354:TCP" = 15354:TCP:*:Enabled:NortonAV

"13986:TCP" = 13986:TCP:*:Enabled:NortonAV

"18005:TCP" = 18005:TCP:*:Enabled:NortonAV

"14112:TCP" = 14112:TCP:*:Enabled:NortonAV

"16517:TCP" = 16517:TCP:*:Enabled:NortonAV

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\AdobeR.exe" = E:\AdobeR.exe:*:Disabled:AdobeR

"C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe" = C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe:*:Enabled:[Emoticons-plus.com] Winkaa 2.0 -- (Aapie.Net)

"C:\Documents and Settings\iowa\Local Settings\Temporary Internet Files\Content.IE5\LSG39DG9\installer-9093-17-Nero-7-7-5-9-0-French[1].exe" = C:\Documents and Settings\iowa\Local Settings\Temporary Internet Files\Content.IE5\LSG39DG9\installer-9093-17-Nero-7-7-5-9-0-French[1].exe:*:Enabled:installer-9093-17-Nero-7-7-5-9-0-French[1]

"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe

"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe

"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"C:\Program Files\Giganology\Gigaget\Gigaget.exe" = C:\Program Files\Giganology\Gigaget\Gigaget.exe:*:Enabled:Gigaget -- (Giganology Inc.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager

"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi

"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver

"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI

"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)

"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38DEDC0E-1584-4073-8278-61CCF78EFA1F}" = Avi Info Tooltip

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA

"{40F7DDA6-F115-1517-2E8B-C509137F6D3D}" = Marc Ecko's Getting Up - Contents Under Pressure

"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}" = Labtec WebCam

"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager

"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn

"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch

"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA

"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility

"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility

"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{6D7F8D4B-D1A4-402A-973E-31E90940E585}" = OneCare Advisor (Windows Live Toolbar)

"{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}" = Barre d'outils Outlook de Windows Live (Windows Live Toolbar)

"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar

"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA

"{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}" = Bloqueur de fenêtres pop-up (Windows Live Toolbar)

"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA

"{AC76BA86-7AD7-1036-7B44-A71000000002}" = Adobe Reader 7.1.0 - Français

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E916E61F-DE9D-4EAF-91E1-CEB50016326A}" = Navigation par onglets (Windows Live Toolbar)

"{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}" = Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA

"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"7-Zip" = 7-Zip 4.57

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel

"ATI Display Driver" = ATI Display Driver

"AVG9Uninstall" = AVG Free 9.0

"AX-Cursors 4.5" = Axialis AX-Cursors 4.5

"CCleaner" = CCleaner

"eMule" = eMule

"Freecorder Toolbar" = Freecorder Toolbar

"Freecorder Toolbar3.03" = Freecorder Toolbar 3.03 Application

"Freecorder4.0" = Freecorder 4.0 Application

"gigaget_is1" = Gigaget

"Google Updater" = Outil de mise à jour Google

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0

"LabtecDrv" = Programme de gestion Camera de Logitech®

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OpenAL" = OpenAL

"Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA

"PokerStars.fr" = PokerStars.fr

"Power Saver" = Gestion d'énergie TOSHIBA

"Spotify" = Spotify

"Syncrosoft's License Control" = Le Centre de Contrôle de Licences de Syncrosoft

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"VLC media player" = VLC media player 0.9.9

"Vuze_Remote Toolbar" = Vuze_Remote Toolbar

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XP Codec Pack" = XP Codec Pack

"YInstHelper" = Yahoo! Install Manager

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Notification de cadeaux MSN" = Notification de cadeaux MSN

"Winamp Detect" = Détection de l'application Winamp

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

 

 

Wow, all of this is scary!! xD

Happy "reading" and thanks again!!

Posted

Hello,

 

These two lines:

446,00 Mb Total Physical Memory | 172,00 Mb Available Physical Memory | 39,00% Memory free

Drive C: | 38,28 Gb Total Space | 1,09 Gb Free Space | 2,84% Space Free | Partition Type: NTFS

 

indicate insufficient RAM (1 GB would be a minimum) and insufficient disk space (15% free space is a recommended minimum). I'll point you to a program to use once we have finished together.

 

 

>>> Potentially dangerous programs:

  • I see that you have file-sharing network (P2P) programs installed on your machine:
    C:\Program Files\Azureus
    C:\Program Files\eMule
    C:\Program Files\BitTorrent_DNA
    C:\Program Files\BitTorrent
    C:\Program Files\Vuze_Remote
    There are more and more very dangerous infections (rootkits and the like) that get installed through these networks. Yes, hackers like sharing too :) You only have to browse the forums to see how many PCs have fallen victim to these programs.
    I recommend that you read this article and make the RIGHT DECISION to uninstall/remove from your machine everything related to P2P, *.Torrent, Warez, Crack, keygen, etc.
    I'm including these folders in the OTL removal script. If you'd rather keep a program, delete its line from the list.
  • These programs, and anything that is a toolbar, get installed by applications without asking the user anything and include spyware to collect personal information:
    C:\Program Files\Freecorder
    C:\Program Files\Winamp Toolbar
    C:\Program Files\ConduitEngine
     
    My suggestion is to uninstall them from Add/Remove Programs.
    I'm including these folders in the OTL removal script. If you'd rather keep a program, delete its line from the list.

 

>>> Use OTL: Make sure that the removable media that were plugged in during the last scan are inserted in the same places and switched on.

Launch OTL, copy the following list (starting with :OTL) and paste it into the box under "Personnalisation" (the : at the beginning and the ] at the end are very important, please check).

 

:OTL

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0

[2008/12/20 21:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Extensions

[2011/02/23 00:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions

[2010/08/22 13:18:50 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2010/08/22 13:19:02 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

[2011/02/23 03:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - No CLSID value found.

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O33 - MountPoints2\{043a218d-f1d2-11db-a3fc-0011f5df645d}\Shell\Auto\command - "" = RavMonE.exe e

O33 - MountPoints2\{043a218d-f1d2-11db-a3fc-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

O33 - MountPoints2\{14f3f19a-294d-11df-a95c-0011f5df645d}\Shell\AutoRun\command - "" = SamsungSoftware\APPInst.exe

O33 - MountPoints2\{231bbb28-ff9c-11db-a427-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{231bbb28-ff9c-11db-a427-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{3efff826-2633-11de-a7d2-0011f5df645d}\Shell\Auto\command - "" = E:\AdobeR.exe e

O33 - MountPoints2\{3efff826-2633-11de-a7d2-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell - "" = AutoRun

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell\1\Command - "" = RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell\2\Command - "" = RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{65f340a6-6e78-11dc-a51c-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{65f340a6-6e78-11dc-a51c-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{82ec2860-fc02-11da-a087-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{82ec2860-fc02-11da-a087-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\Shell\AutoRun\command - "" = cold\hott\raidhost.exe

O33 - MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\Shell\Explore\Command - "" = cold\hott\raidhost.exe

O33 - MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\Shell\open\command - "" = cold\hott\raidhost.exe

O33 - MountPoints2\{8df0509e-a182-11db-a2e9-0011f5df645d}\Shell\Auto\command - "" = E:\AdobeR.exe e

O33 - MountPoints2\{8df0509e-a182-11db-a2e9-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{91021662-abe3-11dc-a593-0011f5df645d}\Shell\Auto\command - "" = G:\AdobeR.exe e

O33 - MountPoints2\{91021662-abe3-11dc-a593-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{a262d41e-0ea5-11e0-aa8e-0011f5df645d}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe

O33 - MountPoints2\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\Shell\Auto\command - "" = E:\AdobeR.exe e

O33 - MountPoints2\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{eb802be6-0d32-11dc-a458-0011f5df645d}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{eb802be6-0d32-11dc-a458-0011f5df645d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

O33 - MountPoints2\{f00c7b60-da11-11da-9ff5-0011f5df645d}\Shell\AutoRun\command - "" = .pspware\PSPWareLauncher.exe

 

:Services

 

:Reg

 

:Files

C:\Program Files\Azureus

C:\Program Files\eMule

C:\Program Files\BitTorrent_DNA

C:\Program Files\BitTorrent

C:\Program Files\Freecorder

C:\Program Files\Vuze_Remote

C:\Program Files\Winamp Toolbar

C:\Program Files\ConduitEngine

C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\Program Files\setup.exe

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

 

Click the red Correction button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end, a report opens in Notepad. Copy its contents and paste them into a new reply. Close the report and OTL.

 

 

Reports requested: OTL.

Are you still having problems?

Posted

Hi,

 

As you advised, I kept your fix script without modifying it; in any case I haven't used the programs mentioned for quite a while, apart from Freecorder, but oh well...

So here is the OTL report after the fix:

 

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.

C:\Program Files\Freecorder\tbFre0.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.

C:\Program Files\Vuze_Remote\tbVuze.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0 removed from extensions.enabledItems

Prefs.js: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0 removed from extensions.enabledItems

C:\Documents and Settings\iowa\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Extensions folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}\chrome folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\lib folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\lib folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.

C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions folder moved successfully.

Folder C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.

Folder C:\Documents and Settings\iowa\Application Data\Mozilla\Firefox\Profiles\l0xrfuwj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\tb-amulet-of-protection\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\tb-amulet-of-protection folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\amulet-jslib\google3 folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\amulet-jslib\firefox folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\amulet-jslib folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.

File C:\Program Files\Freecorder\tbFre0.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.

C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

C:\Program Files\AVG\AVG9\avgssie.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully.

C:\WINDOWS\system32\DLA\DLASHX_W.DLL moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

File C:\Program Files\Vuze_Remote\tbVuze.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.

File C:\Program Files\Freecorder\tbFre0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

File C:\Program Files\Vuze_Remote\tbVuze.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.

File C:\Program Files\Winamp Toolbar\winamptb.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.

File C:\Program Files\Freecorder\tbFre0.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.

File C:\Program Files\Vuze_Remote\tbVuze.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.

File C:\Program Files\Winamp Toolbar\winamptb.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Freecorder FLV Service deleted successfully.

C:\Program Files\Freecorder\FLVSrvc.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Toolbar Search\ deleted successfully.

C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{043a218d-f1d2-11db-a3fc-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043a218d-f1d2-11db-a3fc-0011f5df645d}\ not found.

File RavMonE.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{043a218d-f1d2-11db-a3fc-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043a218d-f1d2-11db-a3fc-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14f3f19a-294d-11df-a95c-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14f3f19a-294d-11df-a95c-0011f5df645d}\ not found.

File SamsungSoftware\APPInst.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{231bbb28-ff9c-11db-a427-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231bbb28-ff9c-11db-a427-0011f5df645d}\ not found.

File AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{231bbb28-ff9c-11db-a427-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231bbb28-ff9c-11db-a427-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\ not found.

File AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36fac9b2-f056-11dc-a5f7-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3efff826-2633-11de-a7d2-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3efff826-2633-11de-a7d2-0011f5df645d}\ not found.

File E:\AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3efff826-2633-11de-a7d2-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3efff826-2633-11de-a7d2-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

File C:\RECYCLER\RECYCLER\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

File C:\RECYCLER\RECYCLER\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dc4288-fba4-11dd-a797-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\RECYCLER\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f340a6-6e78-11dc-a51c-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f340a6-6e78-11dc-a51c-0011f5df645d}\ not found.

File AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f340a6-6e78-11dc-a51c-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f340a6-6e78-11dc-a51c-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82ec2860-fc02-11da-a087-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82ec2860-fc02-11da-a087-0011f5df645d}\ not found.

File AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82ec2860-fc02-11da-a087-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82ec2860-fc02-11da-a087-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83ce6e50-da6c-11dd-a771-0011f5df645d}\ not found.

File cold\hott\raidhost.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83ce6e50-da6c-11dd-a771-0011f5df645d}\ not found.

File cold\hott\raidhost.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83ce6e50-da6c-11dd-a771-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83ce6e50-da6c-11dd-a771-0011f5df645d}\ not found.

File cold\hott\raidhost.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8df0509e-a182-11db-a2e9-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8df0509e-a182-11db-a2e9-0011f5df645d}\ not found.

File E:\AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8df0509e-a182-11db-a2e9-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8df0509e-a182-11db-a2e9-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91021662-abe3-11dc-a593-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91021662-abe3-11dc-a593-0011f5df645d}\ not found.

File G:\AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91021662-abe3-11dc-a593-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91021662-abe3-11dc-a593-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a262d41e-0ea5-11e0-aa8e-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a262d41e-0ea5-11e0-aa8e-0011f5df645d}\ not found.

File E:\Toshiba\Launcher\start.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\ not found.

File E:\AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d2d4a7-d6bf-11da-986b-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb802be6-0d32-11dc-a458-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb802be6-0d32-11dc-a458-0011f5df645d}\ not found.

File AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb802be6-0d32-11dc-a458-0011f5df645d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb802be6-0d32-11dc-a458-0011f5df645d}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f00c7b60-da11-11da-9ff5-0011f5df645d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f00c7b60-da11-11da-9ff5-0011f5df645d}\ not found.

File .pspware\PSPWareLauncher.exe not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Program Files\Azureus\plugins\azupnpav folder moved successfully.

C:\Program Files\Azureus\plugins\azupdater folder moved successfully.

C:\Program Files\Azureus\plugins\azrating folder moved successfully.

C:\Program Files\Azureus\plugins\azplugins folder moved successfully.

C:\Program Files\Azureus\plugins\azitunes folder moved successfully.

C:\Program Files\Azureus\plugins\azemp\mplayer folder moved successfully.

C:\Program Files\Azureus\plugins\azemp folder moved successfully.

C:\Program Files\Azureus\plugins folder moved successfully.

C:\Program Files\Azureus\.install4j folder moved successfully.

C:\Program Files\Azureus folder moved successfully.

C:\Program Files\eMule\webserver folder moved successfully.

C:\Program Files\eMule\Temp folder moved successfully.

C:\Program Files\eMule\skins folder moved successfully.

C:\Program Files\eMule\lang folder moved successfully.

C:\Program Files\eMule\Incoming folder moved successfully.

C:\Program Files\eMule\config folder moved successfully.

C:\Program Files\eMule folder moved successfully.

File\Folder C:\Program Files\BitTorrent_DNA not found.

File\Folder C:\Program Files\BitTorrent not found.

C:\Program Files\Freecorder\Uninstall folder moved successfully.

C:\Program Files\Freecorder folder moved successfully.

C:\Program Files\Vuze_Remote folder moved successfully.

C:\Program Files\Winamp Toolbar folder moved successfully.

C:\Program Files\ConduitEngine folder moved successfully.

C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine\MyStuffApps folder moved successfully.

C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine\Logs folder moved successfully.

C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine\ExternalComponent folder moved successfully.

C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine\CacheIcons folder moved successfully.

C:\Documents and Settings\iowa\Local Settings\Application Data\ConduitEngine folder moved successfully.

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\Google Software Updater.job moved successfully.

C:\sqmdata00.sqm moved successfully.

C:\sqmdata01.sqm moved successfully.

C:\sqmdata02.sqm moved successfully.

C:\sqmdata03.sqm moved successfully.

C:\sqmdata04.sqm moved successfully.

C:\sqmdata05.sqm moved successfully.

C:\sqmdata06.sqm moved successfully.

C:\sqmdata07.sqm moved successfully.

C:\sqmdata08.sqm moved successfully.

C:\sqmdata09.sqm moved successfully.

C:\sqmdata10.sqm moved successfully.

C:\sqmdata11.sqm moved successfully.

C:\sqmdata12.sqm moved successfully.

C:\sqmdata13.sqm moved successfully.

C:\sqmdata14.sqm moved successfully.

C:\sqmdata15.sqm moved successfully.

C:\sqmdata16.sqm moved successfully.

C:\sqmdata17.sqm moved successfully.

C:\sqmdata18.sqm moved successfully.

C:\sqmdata19.sqm moved successfully.

C:\sqmnoopt00.sqm moved successfully.

C:\sqmnoopt01.sqm moved successfully.

C:\sqmnoopt02.sqm moved successfully.

C:\sqmnoopt03.sqm moved successfully.

C:\sqmnoopt04.sqm moved successfully.

C:\sqmnoopt05.sqm moved successfully.

C:\sqmnoopt06.sqm moved successfully.

C:\sqmnoopt07.sqm moved successfully.

C:\sqmnoopt08.sqm moved successfully.

C:\sqmnoopt09.sqm moved successfully.

C:\sqmnoopt10.sqm moved successfully.

C:\sqmnoopt11.sqm moved successfully.

C:\sqmnoopt12.sqm moved successfully.

C:\sqmnoopt13.sqm moved successfully.

C:\sqmnoopt14.sqm moved successfully.

C:\sqmnoopt15.sqm moved successfully.

C:\sqmnoopt16.sqm moved successfully.

C:\sqmnoopt17.sqm moved successfully.

C:\sqmnoopt18.sqm moved successfully.

C:\sqmnoopt19.sqm moved successfully.

C:\Program Files\setup.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 83 bytes

 

User: iowa

->Temp folder emptied: 67384722 bytes

->Temporary Internet Files folder emptied: 11988776 bytes

->Java cache emptied: 132516 bytes

->FireFox cache emptied: 98837458 bytes

->Flash cache emptied: 5074 bytes

 

User: LocalService

->Temp folder emptied: 115616 bytes

->Temporary Internet Files folder emptied: 7152013 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 83 bytes

 

User: marion

 

User: NetworkService

->Temp folder emptied: 1136658 bytes

->Temporary Internet Files folder emptied: 519371 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 4906 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17048 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91183498 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 266,00 mb

 

 

[EMPTYFLASH]

 

User: Administrateur

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: iowa

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: LogMeInRemoteUser

->Flash cache emptied: 0 bytes

 

User: marion

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.21.0 log created on 02252011_013152

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

As for the problems, I have just checked my mailbox: I have received more messages on my side, but it seems they date from before the OTL fixes. I only restarted my PC an hour ago, so I don't dare say too much about the result, but one thing is certain: the various steps you asked me to carry out have done it nothing but good, and that's already something!!

As for the state of the memory, I know there is quite a lot of work to do. It is getting "relatively" old, and from installing and uninstalling software and attempting various operations without really knowing much, I think I have made quite a mess of my hard drive. As a result I can no longer recover the space needed, and I don't really know what to delete.

I'll keep an eye on my mailbox and will send another message, probably during the night (when I get back from work), to tell you whether any other messages have arrived.

Have a good afternoon...
