Virus ultra pop up

j'ai devancé un peu la démarche, j'ai exécuter le programme RSIT.exe


Logfile of random's system information tool 1.05 (written by random/random)
Run by Nicolas at 2009-02-20 14:49:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 40 GB (13%) free of 305 GB
Total RAM: 2047 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:45, on 2009-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PPLiveVA\PPLiveVA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
C:\Program Files\trend micro\Nicolas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 65.98.84.21 tv.gomtv.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {294bd579-b318-4cbb-8bbd-59a022d3d7f7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtsPjjG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {f5134c9c-1825-b60b-b1e4-35dea5811b8c} - {c8b1185a-ed53-4e1b-b06b-5281c9c4315f} - C:\WINDOWS\system32\sqctnu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3803] cmd.exe /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1357] command.com /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6215] cmd.exe /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3710] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5438] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA624] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3425] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3425] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3852] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC403] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA990] command.com /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Program Files\Gnuf\Casino\casinogame.exe
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Program Files\Gnuf\Poker\MPPoker.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlaye [...] uncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: xkrnla.dll vcvuwf.dll rstifc.dll ezzgwc.dll umffgc.dll klkivk.dll rlmfsk.dll zgtwwd.dll axqakq.dll gpcpmv.dll xothzo.dll twjwqd.dll bkwuny.dll nqqxzb.dll ufiaaj.dll ddzmgg.dll hkkkpl.dll afdexe.dll ywtryp.dll qkikcu.dll ggopnj.dll jblujo.dll pbyjlt.dll dxmdfk.dll jryxdk.dll eheiif.dll impsdf.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: awtsPjjG - C:\WINDOWS\SYSTEM32\awtsPjjG.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 15463 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{294bd579-b318-4cbb-8bbd-59a022d3d7f7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\awtsPjjG.dll [2009-02-12 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8b1185a-ed53-4e1b-b06b-5281c9c4315f}]
C:\WINDOWS\system32\sqctnu.dll [2009-02-18 129024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC3803"=cmd.exe /c del C:\Program Files\Everest Poker\gvcrt.dll []
"SpybotDeletingA1357"=command.com /c del C:\Program Files\Everest Poker\gvmain.exe []
"SpybotDeletingC6215"=cmd.exe /c del C:\Program Files\Everest Poker\gvmain.exe []
"SpybotDeletingA3710"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt []
"SpybotDeletingC5438"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt []
"SpybotDeletingA624"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art []
"SpybotDeletingC3425"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art []
"SpybotDeletingA3425"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingA3852"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingC403"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingA990"=command.com /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
"SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
"SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
"Utopia Angel"=C:\Utopia\Angel\Angel.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
"Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
"PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-11 2356088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="xkrnla.dll vcvuwf.dll rstifc.dll ezzgwc.dll umffgc.dll klkivk.dll rlmfsk.dll zgtwwd.dll axqakq.dll gpcpmv.dll xothzo.dll twjwqd.dll bkwuny.dll nqqxzb.dll ufiaaj.dll ddzmgg.dll hkkkpl.dll afdexe.dll ywtryp.dll qkikcu.dll ggopnj.dll jblujo.dll pbyjlt.dll dxmdfk.dll jryxdk.dll eheiif.dll impsdf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsPjjG]
C:\WINDOWS\system32\awtsPjjG.dll [2009-02-12 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\awtsPjjG.dll [2009-02-12 35328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmnnKa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv16A.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv16A.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsa172.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsa172.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsw1BE.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsw1BE.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nssA.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nssA.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv27.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv27.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsu10.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsu10.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nss1CC.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nss1CC.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:EnabledctoshapeClient"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\steamapps\charcute\condition zero deleted scenes\hl.exe"="C:\Program Files\Steam\steamapps\charcute\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Administrator\Desktop\uTorrent.exe"="C:\Documents and Settings\Administrator\Desktop\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:EnabledNA"
"C:\Documents and Settings\Nicolas\Desktop\age2\empires2.exe"="C:\Documents and Settings\Nicolas\Desktop\age2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Nicolas\Desktop\age2\age2_x1.exe"="C:\Documents and Settings\Nicolas\Desktop\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
"C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
"C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabledaum ?????"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabledaum ?????"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:EnabledPSÍøÂçµçÊÓ"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:EnabledPS ÍøÂç¼ÓËÙÆ÷"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:EnabledPLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:EnabledPLiveVA"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 3 months======

2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
2009-02-20 14:49:38 ----D---- C:\rsit
2009-02-20 14:09:09 ----A---- C:\WINDOWS\system32\odjowb.dll
2009-02-20 14:09:08 ----A---- C:\WINDOWS\system32\qoMcaWOI.dll
2009-02-20 13:08:53 ----A---- C:\WINDOWS\system32\xetwbi.dll
2009-02-20 13:08:52 ----A---- C:\WINDOWS\system32\rqRjgfgD.dll
2009-02-20 12:08:39 ----A---- C:\WINDOWS\system32\btjvpo.dll
2009-02-20 12:08:38 ----A---- C:\WINDOWS\system32\tuvWopmk.dll
2009-02-20 11:07:53 ----A---- C:\WINDOWS\system32\rgwkov.dll
2009-02-20 11:07:53 ----A---- C:\WINDOWS\system32\ddcDuSmJ.dll
2009-02-20 10:07:31 ----A---- C:\WINDOWS\system32\jkkHBTKA.dll
2009-02-20 10:07:31 ----A---- C:\WINDOWS\system32\brafye.dll
2009-02-19 22:36:14 ----A---- C:\WINDOWS\system32\ftwczm.dll
2009-02-19 22:36:13 ----A---- C:\WINDOWS\system32\yayyWnnk.dll
2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\Pncrt.dll
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
2009-02-19 21:35:58 ----A---- C:\WINDOWS\system32\csxpww.dll
2009-02-19 21:35:57 ----A---- C:\WINDOWS\system32\cbXOIbcd.dll
2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
2009-02-19 21:12:30 ----A---- C:\Documents and Settings\Nicolas\Application Data\inst.exe
2009-02-19 20:35:39 ----A---- C:\WINDOWS\system32\lsmtzm.dll
2009-02-19 20:35:38 ----A---- C:\WINDOWS\system32\wvUligde.dll
2009-02-19 19:35:24 ----A---- C:\WINDOWS\system32\kjhplr.dll
2009-02-19 19:35:23 ----A---- C:\WINDOWS\system32\awtusrQj.dll
2009-02-19 18:35:10 ----A---- C:\WINDOWS\system32\ekcijm.dll
2009-02-19 18:35:02 ----A---- C:\WINDOWS\system32\iifFYQjI.dll
2009-02-19 17:34:48 ----A---- C:\WINDOWS\system32\dgfnil.dll
2009-02-19 17:34:47 ----A---- C:\WINDOWS\system32\ssqPfDus.dll
2009-02-19 16:34:30 ----A---- C:\WINDOWS\system32\axzsav.dll
2009-02-19 16:34:29 ----A---- C:\WINDOWS\system32\ssqQkKcd.dll
2009-02-19 15:33:45 ----A---- C:\WINDOWS\system32\urqOEwWN.dll
2009-02-19 15:33:45 ----A---- C:\WINDOWS\system32\aryaao.dll
2009-02-19 14:33:31 ----A---- C:\WINDOWS\system32\rmgscd.dll
2009-02-19 14:33:26 ----A---- C:\WINDOWS\system32\fcccbaxY.dll
2009-02-19 13:33:11 ----A---- C:\WINDOWS\system32\ycdhnx.dll
2009-02-19 13:33:11 ----A---- C:\WINDOWS\system32\hgGvwXPf.dll
2009-02-19 12:32:56 ----A---- C:\WINDOWS\system32\rnahic.dll
2009-02-19 12:32:55 ----A---- C:\WINDOWS\system32\tuvWoljk.dll
2009-02-19 11:32:11 ----A---- C:\WINDOWS\system32\xfnkdw.dll
2009-02-19 11:32:10 ----A---- C:\WINDOWS\system32\cbXRJDUl.dll
2009-02-19 10:31:52 ----A---- C:\WINDOWS\system32\mwjycx.dll
2009-02-19 10:31:48 ----A---- C:\WINDOWS\system32\ljJYOFWn.dll
2009-02-18 20:50:16 ----A---- C:\WINDOWS\system32\sqctnu.dll
2009-02-18 20:50:15 ----A---- C:\WINDOWS\system32\urqQgeba.dll
2009-02-18 19:50:01 ----A---- C:\WINDOWS\system32\tfbhrr.dll
2009-02-18 19:50:00 ----A---- C:\WINDOWS\system32\efcARHwX.dll
2009-02-18 18:49:46 ----A---- C:\WINDOWS\system32\alqkvz.dll
2009-02-18 18:49:45 ----A---- C:\WINDOWS\system32\ssqOFWmj.dll
2009-02-18 17:49:01 ----A---- C:\WINDOWS\system32\sbhprn.dll
2009-02-18 17:49:01 ----A---- C:\WINDOWS\system32\mlJYpNff.dll
2009-02-18 16:48:17 ----A---- C:\WINDOWS\system32\gutsin.dll
2009-02-18 16:48:16 ----A---- C:\WINDOWS\system32\ssqOIcay.dll
2009-02-18 15:47:32 ----A---- C:\WINDOWS\system32\nttzhr.dll
2009-02-18 15:47:31 ----A---- C:\WINDOWS\system32\fccdbbBQ.dll
2009-02-18 14:46:47 ----A---- C:\WINDOWS\system32\ncgrnt.dll
2009-02-18 14:46:46 ----A---- C:\WINDOWS\system32\opnnnKBt.dll
2009-02-18 13:46:02 ----A---- C:\WINDOWS\system32\ywowln.dll
2009-02-18 13:46:01 ----A---- C:\WINDOWS\system32\rqRHwTnn.dll
2009-02-18 12:45:47 ----A---- C:\WINDOWS\system32\aeyskc.dll
2009-02-18 12:45:46 ----A---- C:\WINDOWS\system32\efcARhgF.dll
2009-02-18 11:20:35 ----A---- C:\WINDOWS\system32\yayvVOeF.dll
2009-02-18 11:20:35 ----A---- C:\WINDOWS\system32\hdcoyy.dll
2009-02-17 23:00:51 ----A---- C:\WINDOWS\system32\efcATJDU.dll
2009-02-17 23:00:51 ----A---- C:\WINDOWS\system32\aiescj.dll
2009-02-17 22:00:36 ----A---- C:\WINDOWS\system32\tuvWnMfC.dll
2009-02-17 22:00:36 ----A---- C:\WINDOWS\system32\tiqyge.dll
2009-02-17 21:00:22 ----A---- C:\WINDOWS\system32\dvlyve.dll
2009-02-17 21:00:21 ----A---- C:\WINDOWS\system32\wvUoOIXP.dll
2009-02-17 20:00:06 ----A---- C:\WINDOWS\system32\uwthps.dll
2009-02-17 20:00:06 ----A---- C:\WINDOWS\system32\iifefEVN.dll
2009-02-17 18:59:21 ----A---- C:\WINDOWS\system32\vtUnmJYO.dll
2009-02-17 18:59:21 ----A---- C:\WINDOWS\system32\plqzwj.dll
2009-02-17 17:58:37 ----A---- C:\WINDOWS\system32\fdpgjt.dll
2009-02-17 17:58:36 ----A---- C:\WINDOWS\system32\hgGaywTm.dll
2009-02-17 16:58:22 ----A---- C:\WINDOWS\system32\wxxzlj.dll
2009-02-17 16:58:21 ----A---- C:\WINDOWS\system32\byXoPigG.dll
2009-02-17 15:57:38 ----A---- C:\WINDOWS\system32\evymdv.dll
2009-02-17 15:57:37 ----A---- C:\WINDOWS\system32\rqRIbXOg.dll
2009-02-17 14:56:53 ----A---- C:\WINDOWS\system32\emorop.dll
2009-02-17 14:56:52 ----A---- C:\WINDOWS\system32\xxyyvWQG.dll
2009-02-17 13:56:38 ----A---- C:\WINDOWS\system32\impsdf.dll
2009-02-17 13:56:37 ----A---- C:\WINDOWS\system32\jkkHXPiI.dll
2009-02-17 12:56:23 ----A---- C:\WINDOWS\system32\eheiif.dll
2009-02-17 12:56:22 ----A---- C:\WINDOWS\system32\fccYonKa.dll
2009-02-17 11:56:04 ----A---- C:\WINDOWS\system32\rqRLfeCT.dll
2009-02-17 11:56:04 ----A---- C:\WINDOWS\system32\jryxdk.dll
2009-02-17 10:55:44 ----A---- C:\WINDOWS\system32\dxmdfk.dll
2009-02-17 10:55:43 ----A---- C:\WINDOWS\system32\yaywtQKB.dll
2009-02-17 09:55:29 ----A---- C:\WINDOWS\system32\pbyjlt.dll
2009-02-17 09:55:28 ----A---- C:\WINDOWS\system32\byXPHaXq.dll
2009-02-17 08:55:14 ----A---- C:\WINDOWS\system32\mlJBULff.dll
2009-02-17 08:55:14 ----A---- C:\WINDOWS\system32\jblujo.dll
2009-02-17 07:54:52 ----A---- C:\WINDOWS\system32\hgGxXqOF.dll
2009-02-17 07:54:52 ----A---- C:\WINDOWS\system32\fvtkos.dll
2009-02-16 23:03:52 ----A---- C:\WINDOWS\system32\trfagm.dll
2009-02-16 23:03:51 ----A---- C:\WINDOWS\system32\cbXRJBrr.dll
2009-02-16 22:03:07 ----A---- C:\WINDOWS\system32\ggopnj.dll
2009-02-16 22:03:06 ----A---- C:\WINDOWS\system32\wvUoNhFu.dll
2009-02-16 21:02:52 ----A---- C:\WINDOWS\system32\qkikcu.dll
2009-02-16 21:02:51 ----A---- C:\WINDOWS\system32\khfDwxuv.dll
2009-02-16 19:02:16 ----A---- C:\WINDOWS\system32\ywtryp.dll
2009-02-16 19:02:15 ----A---- C:\WINDOWS\system32\qoMeDSkH.dll
2009-02-16 18:02:01 ----A---- C:\WINDOWS\system32\afdexe.dll
2009-02-16 18:02:00 ----A---- C:\WINDOWS\system32\opnOFVNh.dll
2009-02-16 18:00:36 ----D---- C:\Program Files\Everest Poker
2009-02-16 17:01:45 ----A---- C:\WINDOWS\system32\hkkkpl.dll
2009-02-16 17:01:44 ----A---- C:\WINDOWS\system32\ddcYsPfg.dll
2009-02-16 16:00:59 ----A---- C:\WINDOWS\system32\urhjeb.dll
2009-02-16 16:00:58 ----A---- C:\WINDOWS\system32\jkkLDTkh.dll
2009-02-16 15:00:43 ----A---- C:\WINDOWS\system32\ddzmgg.dll
2009-02-16 15:00:43 ----A---- C:\WINDOWS\system32\cbXNHBrQ.dll
2009-02-16 14:00:29 ----A---- C:\WINDOWS\system32\ufiaaj.dll
2009-02-16 14:00:28 ----A---- C:\WINDOWS\system32\iifeFXQi.dll
2009-02-16 12:59:44 ----A---- C:\WINDOWS\system32\aiivca.dll
2009-02-16 12:59:43 ----A---- C:\WINDOWS\system32\jkkKddET.dll
2009-02-16 11:58:59 ----A---- C:\WINDOWS\system32\nqqxzb.dll
2009-02-16 11:58:59 ----A---- C:\WINDOWS\system32\awttSMFV.dll
2009-02-16 10:58:42 ----A---- C:\WINDOWS\system32\bkwuny.dll
2009-02-16 10:58:35 ----A---- C:\WINDOWS\system32\wvUoOGxY.dll
2009-02-16 00:27:41 ----A---- C:\WINDOWS\system32\vtUkiGAq.dll
2009-02-16 00:27:41 ----A---- C:\WINDOWS\system32\twjwqd.dll
2009-02-15 23:27:26 ----A---- C:\WINDOWS\system32\xothzo.dll
2009-02-15 23:27:26 ----A---- C:\WINDOWS\system32\opnlMgfF.dll
2009-02-15 22:27:11 ----A---- C:\WINDOWS\system32\gpcpmv.dll
2009-02-15 22:27:10 ----A---- C:\WINDOWS\system32\ddcaXrSl.dll
2009-02-15 21:26:56 ----A---- C:\WINDOWS\system32\axqakq.dll
2009-02-15 21:26:55 ----A---- C:\WINDOWS\system32\urqOGXRI.dll
2009-02-15 20:26:41 ----A---- C:\WINDOWS\system32\zgtwwd.dll
2009-02-15 20:26:41 ----A---- C:\WINDOWS\system32\iifedcDv.dll
2009-02-15 19:26:27 ----A---- C:\WINDOWS\system32\rlmfsk.dll
2009-02-15 19:26:26 ----A---- C:\WINDOWS\system32\pmnlkJCV.dll
2009-02-15 18:26:12 ----A---- C:\WINDOWS\system32\klkivk.dll
2009-02-15 18:26:12 ----A---- C:\WINDOWS\system32\ddcAssrr.dll
2009-02-15 17:25:28 ----A---- C:\WINDOWS\system32\umffgc.dll
2009-02-15 17:25:27 ----A---- C:\WINDOWS\system32\nnnMCuRk.dll
2009-02-15 16:25:13 ----A---- C:\WINDOWS\system32\ezzgwc.dll
2009-02-15 16:25:12 ----A---- C:\WINDOWS\system32\hgGyxVpq.dll
2009-02-15 15:24:28 ----A---- C:\WINDOWS\system32\tuvvvWMf.dll
2009-02-15 15:24:28 ----A---- C:\WINDOWS\system32\rstifc.dll
2009-02-15 14:24:14 ----A---- C:\WINDOWS\system32\vcvuwf.dll
2009-02-15 14:24:13 ----A---- C:\WINDOWS\system32\efcYQKCV.dll
2009-02-15 13:23:59 ----A---- C:\WINDOWS\system32\xkrnla.dll
2009-02-15 13:23:58 ----A---- C:\WINDOWS\system32\mlJBQJbX.dll
2009-02-15 12:23:44 ----A---- C:\WINDOWS\system32\tyilkr.dll
2009-02-15 12:23:43 ----A---- C:\WINDOWS\system32\fccccBSm.dll
2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
2009-02-14 21:46:31 ----A---- C:\WINDOWS\system32\kygtff.dll
2009-02-14 21:46:30 ----A---- C:\WINDOWS\system32\qoMgGyWp.dll
2009-02-14 20:46:16 ----A---- C:\WINDOWS\system32\tuvVPjHy.dll
2009-02-14 20:46:16 ----A---- C:\WINDOWS\system32\btwmhv.dll
2009-02-14 19:45:32 ----A---- C:\WINDOWS\system32\rgjhrj.dll
2009-02-14 19:45:31 ----A---- C:\WINDOWS\system32\hgGwUooN.dll
2009-02-14 18:45:17 ----A---- C:\WINDOWS\system32\fbncja.dll
2009-02-14 18:45:16 ----A---- C:\WINDOWS\system32\opnnOEVO.dll
2009-02-14 17:44:32 ----A---- C:\WINDOWS\system32\xxywUOig.dll
2009-02-14 17:44:32 ----A---- C:\WINDOWS\system32\naopse.dll
2009-02-14 16:44:18 ----A---- C:\WINDOWS\system32\zspiwj.dll
2009-02-14 16:44:17 ----A---- C:\WINDOWS\system32\ssqpQKda.dll
2009-02-14 15:44:03 ----A---- C:\WINDOWS\system32\gosmnz.dll
2009-02-14 15:44:02 ----A---- C:\WINDOWS\system32\ljJYSjIc.dll
2009-02-14 14:43:18 ----A---- C:\WINDOWS\system32\opnlMeDu.dll
2009-02-14 14:43:18 ----A---- C:\WINDOWS\system32\lyozkg.dll
2009-02-14 13:42:34 ----A---- C:\WINDOWS\system32\qqmhdg.dll
2009-02-14 13:42:33 ----A---- C:\WINDOWS\system32\jkkKbYpQ.dll
2009-02-14 12:41:49 ----A---- C:\WINDOWS\system32\vtUooLcd.dll
2009-02-14 12:41:49 ----A---- C:\WINDOWS\system32\jhumoa.dll
2009-02-14 11:29:46 ----A---- C:\WINDOWS\system32\ncvlsq.dll
2009-02-14 11:29:45 ----A---- C:\WINDOWS\system32\tuvwuUnl.dll
2009-02-14 06:23:01 ----A---- C:\WINDOWS\system32\unznjx.dll
2009-02-14 06:23:00 ----A---- C:\WINDOWS\system32\mlJaaAqP.dll
2009-02-14 05:22:46 ----A---- C:\WINDOWS\system32\jtpqwn.dll
2009-02-14 05:22:45 ----A---- C:\WINDOWS\system32\qoMcDtrS.dll
2009-02-14 04:22:31 ----A---- C:\WINDOWS\system32\nsnusz.dll
2009-02-14 04:22:30 ----A---- C:\WINDOWS\system32\ljJYQKda.dll
2009-02-14 03:22:16 ----A---- C:\WINDOWS\system32\eclkyp.dll
2009-02-14 03:22:15 ----A---- C:\WINDOWS\system32\byXRlljk.dll
2009-02-14 02:22:01 ----A---- C:\WINDOWS\system32\ychdwj.dll
2009-02-14 02:22:00 ----A---- C:\WINDOWS\system32\byXNhhEw.dll
2009-02-14 01:21:46 ----A---- C:\WINDOWS\system32\nmzgrw.dll
2009-02-14 01:21:45 ----A---- C:\WINDOWS\system32\pmnnKeCV.dll
2009-02-14 00:21:31 ----A---- C:\WINDOWS\system32\ugcrha.dll
2009-02-14 00:21:30 ----A---- C:\WINDOWS\system32\pmnnLeee.dll
2009-02-13 23:21:15 ----A---- C:\WINDOWS\system32\spuuvx.dll
2009-02-13 23:21:15 ----A---- C:\WINDOWS\system32\ljJYSlkI.dll
2009-02-13 22:21:01 ----A---- C:\WINDOWS\system32\mmxaqn.dll
2009-02-13 22:21:00 ----A---- C:\WINDOWS\system32\geBrsRIY.dll
2009-02-13 21:20:46 ----A---- C:\WINDOWS\system32\oydyim.dll
2009-02-13 21:20:45 ----A---- C:\WINDOWS\system32\awtuTnnK.dll
2009-02-13 20:20:31 ----A---- C:\WINDOWS\system32\fzmucx.dll
2009-02-13 20:20:30 ----A---- C:\WINDOWS\system32\byXPGXPH.dll
2009-02-13 19:20:17 ----A---- C:\WINDOWS\system32\exdiuk.dll
2009-02-13 19:20:16 ----A---- C:\WINDOWS\system32\urqQjghE.dll
2009-02-13 18:20:02 ----A---- C:\WINDOWS\system32\vzlwnn.dll
2009-02-13 18:20:01 ----A---- C:\WINDOWS\system32\efcYPfFV.dll
2009-02-13 17:19:47 ----A---- C:\WINDOWS\system32\eswwup.dll
2009-02-13 17:19:46 ----A---- C:\WINDOWS\system32\hgGXOiiJ.dll
2009-02-13 16:19:02 ----A---- C:\WINDOWS\system32\rzdgpe.dll
2009-02-13 16:19:01 ----A---- C:\WINDOWS\system32\opnlKCTL.dll
2009-02-13 15:18:46 ----A---- C:\WINDOWS\system32\urqRKDsp.dll
2009-02-13 15:18:46 ----A---- C:\WINDOWS\system32\iqywbc.dll
2009-02-13 13:56:50 ----A---- C:\WINDOWS\system32\tfgudb.dll
2009-02-13 13:56:49 ----A---- C:\WINDOWS\system32\wvUommNH.dll
2009-02-13 12:56:05 ----A---- C:\WINDOWS\system32\pmnnlkHw.dll
2009-02-13 12:56:05 ----A---- C:\WINDOWS\system32\gmhjkp.dll
2009-02-13 11:55:51 ----A---- C:\WINDOWS\system32\inaxcr.dll
2009-02-13 11:55:50 ----A---- C:\WINDOWS\system32\tuvUOgDW.dll
2009-02-13 10:55:31 ----A---- C:\WINDOWS\system32\kfcblr.dll
2009-02-13 10:55:29 ----A---- C:\WINDOWS\system32\yayyAsRh.dll
2009-02-12 23:03:27 ----A---- C:\WINDOWS\system32\rdisfd.dll
2009-02-12 23:03:27 ----A---- C:\WINDOWS\system32\mlJcYpNd.dll
2009-02-12 22:58:24 ----N---- C:\WINDOWS\system32\clickfile.exe
2009-02-12 22:58:24 ----A---- C:\WINDOWS\system32\awtsPjjG.dll
2009-02-10 14:00:47 ----D---- C:\Avenger
2009-02-10 14:00:46 ----A---- C:\avenger.txt
2009-02-10 08:46:32 ----A---- C:\WINDOWS\system32\998.exe
2009-02-09 13:27:51 ----A---- C:\WINDOWS\system32\winlogon2.exe
2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-07 19:27:34 ----A---- C:\rapport.txt
2009-02-07 19:13:47 ----A---- C:\WINDOWS\system32\9bcf1a77-.txt
2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
2009-02-05 22:28:28 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
2009-01-18 18:23:49 ----D---- C:\Poker
2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 15:43:59 ----D---- C:\PPVADownloads
2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
2009-01-10 20:11:26 ----A---- C:\log_lobby_dumper.txt
2009-01-10 20:11:26 ----A---- C:\log_lobby.txt
2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info
2008-11-21 16:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 16:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 16:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2009-02-20 14:49:39 ----RD---- C:\Program Files
2009-02-20 14:46:51 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
2009-02-20 14:39:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-20 14:30:38 ----A---- C:\log.txt
2009-02-20 14:12:07 ----D---- C:\WINDOWS\Temp
2009-02-20 14:09:09 ----D---- C:\WINDOWS\system32
2009-02-20 10:50:14 ----SD---- C:\WINDOWS\Tasks
2009-02-20 10:42:11 ----D---- C:\WINDOWS\Prefetch
2009-02-20 10:18:00 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
2009-02-20 10:17:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-20 10:17:08 ----D---- C:\Program Files\Steam
2009-02-20 10:16:20 ----D---- C:\Program Files\DNA
2009-02-20 10:03:04 ----D---- C:\WINDOWS
2009-02-19 23:34:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-19 23:27:38 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-19 21:52:20 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
2009-02-19 21:49:06 ----D---- C:\WINDOWS\system32\drivers
2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
2009-02-19 21:24:32 ----D---- C:\Documents and Settings
2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
2009-02-18 18:17:59 ----D---- C:\WINDOWS\system32\config
2009-02-17 11:49:13 ----D---- C:\Downloads
2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-14 21:55:31 ----SHD---- C:\WINDOWS\Installer
2009-02-14 16:20:00 ----D---- C:\Program Files\PartyGaming
2009-02-13 23:06:25 ----D---- C:\Program Files\Full Tilt Poker
2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-07 20:41:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-03 18:33:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files
2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-01-13 22:45:52 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-01-13 22:44:05 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-01-13 22:37:45 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-01-13 22:37:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-05 13:18:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-05 02:13:24 ----A---- C:\WINDOWS\BnetLog.txt
2009-01-01 10:25:47 ----D---- C:\Program Files\DivX
2008-12-30 17:09:53 ----D---- C:\WINDOWS\Minidump
2008-12-19 03:00:43 ----D---- C:\WINDOWS\ie7updates
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:02:53 ----D---- C:\Program Files\Internet Explorer
2008-12-03 10:28:07 ----D---- C:\Program Files\UltimateBet
2008-11-29 14:52:21 ----D---- C:\Program Files\MSN Games
2008-11-29 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-14 27992]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-25 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-27 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-19 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 59264]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-02-18 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 acphx37z;acphx37z; C:\WINDOWS\system32\drivers\acphx37z.sys []
S3 af8jnnhj;af8jnnhj; C:\WINDOWS\system32\drivers\af8jnnhj.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-04-11 20496]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-20 14:49:53

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC

Salut,

Tu as une centaine d'infections Vundo/Virtumonde dans ton PC d'où les popups.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

On continue.

• Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
• Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
• Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
• Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
• Sélectionne Exécuter un examen rapide.
• Clique sur Rechercher.
• L'analyse démarre.
• A la fin de l'analyse, un message s'affiche :

• Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
• Ferme tes navigateurs.
• Si des malwares ont été détectés, clique sur Afficher les résultats.
• Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Ok. Je vais allez dormir, bonne nuit.

• Relance MBAM, va dans Quarantaine et supprime tout.

• Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
• Double-clique sur RSIT.exe afin de lancer le programme.
• Clique sur Continue à l'écran Disclaimer.
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparait à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit\.

info.txt logfile of random's system information tool 1.05 2009-02-20 14:49:53

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
500 From Special K Software-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\500 From Special K\ST6UNST.LOG"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere Pro Tryout-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x40c
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDPoker-->"C:\Poker\CDPoker\_SetupPoker.exe" /uninstall
Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Condition Zero Deleted Scenes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/100
Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
ConvertXtoDVD 3.0.0.1-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Daum ÆÌÇ÷¹À̾î-->"C:\Program Files\DAUM\PotPlayer\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer-->MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
Empire Earth III-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0xc0c -removeonly
First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12872B4E-90F7-44E5-B1AA-D13AFEC8618B}\setup.exe" -l0x40c UNINSTALL
ForceBindIP-->C:\WINDOWS\system32\ForceBindIP-Uninstaller.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gnuf.com Casino-->C:\Program Files\Gnuf\Casino\uninst.exe
Gnuf.com Poker-->C:\Program Files\Gnuf\Poker\uninst.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu"
Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x40c
Heroes of Might and Magic® IV: Winds of War-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hollywood Poker Tournament Director's Poker Clock-->C:\Program Files\Hollywood Poker Tournament Director's Poker Clock\Hollywood Poker Tournament Director's Poker Clock.exe /UNINSTALL "C:\WINDOWS\system32\Hollywood Poker Tournament Director's Poker Clock.log"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICCup Launcher-->"C:\Documents and Settings\All Users\Desktop\Launcher\unins000.exe"
ImageMixer EasyStepDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C32B46-41C3-438F-94F6-55FE150D50D8}\setup.exe" -l0x40c UNINSTALL
iriver Music Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
iRiver Updater-->\uninst.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Communications Manager-->MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x040c -removeonly
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Oblivion mod manager 1.1.5-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
PicturePackages-->MsiExec.exe /X{E0A76F67-9136-4370-9413-891DBCF199CB}
Playchess-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}\setup.exe" -l0xc0c -removeonly
Poker 770-->"C:\Poker\Poker 770\_SetupCasino.exe" /uninstall
PokerRoomSchool-->"C:\Poker\PokerRoomSchool\_SetupPoker[1].exe" /uninstall
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /uokerStars
PokerStove version 1.21-->"C:\Program Files\PokerStove\unins000.exe"
PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
PowerStrip 3 (remove only)-->C:\Program Files\PowerStrip\uninstal.exe
PPLive 1.9-->C:\Program Files\PPLive\uninst.exe
psqlODBC-->MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
Sea3D-->"C:\Program Files\Sea3D\uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x040c -removeonly
Sid Meier's Civilization 4 - Warlords-->C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x040c -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
Silkroad-->C:\Program Files\Silkroad\Remove.Exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony DVD Handycam USB Driver 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A360821C-6B51-4EE4-A7E5-5E14B15004CD}\Setup.exe" UNINSTALL
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe"
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Tournament Director 2-->C:\Program Files\The Tournament Director 2\Uninstall.exe
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
UltimateBet-->C:\Program Files\_uninstallation_info\UltimateBet\CasinoUninstall.exe
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB322BA7-761F-476F-ABA1-227331CDEF29}\setup.exe" -l0x9 -removeonly
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Victor Chandler-->"C:\Poker\Victor Chandler\_SetupCasino.exe" /uninstall
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAVI Video Capture 2.0-->"C:\Program Files\WinAVI Video Capture\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

65.98.84.21 tv.gomtv.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090219-0]

System event log

Computer Name: COMPANY-253E74B
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 19132
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: COMPANY-253E74B
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 19131
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User: COMPANY-253E74B\Nicolas

Computer Name: COMPANY-253E74B
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 19130
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 19129
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 19128
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User: COMPANY-253E74B\Nicolas

Application event log

Computer Name: COMPANY-253E74B
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 7581
Source Name: usnjsvc
Time Written: 20090110130026.000000-300
Event Type:
User:

Computer Name: COMPANY-253E74B
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 7580
Source Name: SecurityCenter
Time Written: 20090110115416.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 1
Message:
Record Number: 7579
Source Name: Bonjour Service
Time Written: 20090110115358.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 1517
Message: Windows saved user COMPANY-253E74B\Nicolas registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7578
Source Name: Userenv
Time Written: 20090110001713.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPANY-253E74B
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 7577
Source Name: Userenv
Time Written: 20090110001616.000000-300
Event Type: warning
User: COMPANY-253E74B\Nicolas

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Je m'en vais dormir, à mon tour (Québec) est-ce que je vais pouvoir réinstaller everest poker ou bien il y a des problème relier à ce programme car dison qu'il y a un système de tournois dans lequel je suis inscrit qui inclut toutes les universités du québec. Si c'est le cas je crois que je vais devoir attendre la fin de ce tournoi, c'est-à-dire 2 semaines.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\log.txt moved successfully.
C:\WINDOWS\system32\9bcf1a77-.txt moved successfully.
C:\Program Files\Everest Poker moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\Perflib_Perfdata_a0c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02212009_165758

Files moved on Reboot...
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\Perflib_Perfdata_a0c.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.


j'ai fait ce qu'il fallait faire

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 17:27:33 | Sat 2009-02-21 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (Version 5.1.2600)
Computer Name: COMPANY-253E74B
Current User: Nicolas - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)
- F:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 52

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Grand Virtual
HKCU\Software\PartyGaming
HKCU\Software\Poker 770
HKCU\Software\Titan Poker
HKLM\Software\Poker 770
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
HKU\S-1-5-21-682003330-1580818891-839522115-1003\Software\Titan Poker
.
C:\log_lobby_dumper.txt
C:\log_lobby.txt
C:\Poker\Poker 770
C:\Poker\Poker 770\data
C:\Poker\Poker 770\History
C:\Poker\Poker 770\data\blackjack
C:\Poker\Poker 770\data\casinowar
C:\Poker\Poker 770\data\craps
C:\Poker\Poker 770\data\keno
C:\Poker\Poker 770\data\lobby
C:\Poker\Poker 770\data\poker_caribbean
C:\Poker\Poker 770\data\poker_holdem
C:\Poker\Poker 770\data\roulette
C:\Poker\Poker 770\data\shared
C:\Poker\Poker 770\data\slots_bonusbears25line
C:\Poker\Poker 770\data\slots_cinerama5reel
C:\Poker\Poker 770\data\slots_desert20line
C:\Poker\Poker 770\data\slots_forestofwonders25line
C:\Poker\Poker 770\data\slots_gold8line
C:\Poker\Poker 770\data\slots_lotto20line
C:\Poker\Poker 770\data\slots_lovemore20line
C:\Poker\Poker 770\data\slots_silentsamurai9line
C:\Poker\Poker 770\data\slots_wildspirit20line
C:\Poker\Poker 770\data\table
C:\Poker\Poker 770\data\videopoker_4aces
C:\Poker\Poker 770\data\videopoker_4jacks
C:\Poker\Poker 770\data\videopoker_jacks
C:\Poker\Poker 770\data\videopoker_joker
C:\Poker\Poker 770\data\craps\3d
C:\Poker\Poker 770\data\keno\3d
C:\Poker\Poker 770\data\keno\buttons
C:\Poker\Poker 770\data\keno\sounds
C:\Poker\Poker 770\data\lobby\buttons
C:\Poker\Poker 770\data\lobby\dialogs
C:\Poker\Poker 770\data\lobby\login
C:\Poker\Poker 770\data\lobby\sidegames
C:\Poker\Poker 770\data\lobby\tables
C:\Poker\Poker 770\data\lobby\waitinglist
C:\Poker\Poker 770\data\roulette\3d
C:\Poker\Poker 770\data\roulette\buttons
C:\Poker\Poker 770\data\roulette\sounds
C:\Poker\Poker 770\data\roulette\zoom
C:\Poker\Poker 770\data\shared\3d
C:\Poker\Poker 770\data\shared\9line
C:\Poker\Poker 770\data\shared\blackjack
C:\Poker\Poker 770\data\shared\buttons
C:\Poker\Poker 770\data\shared\cards
C:\Poker\Poker 770\data\shared\coins
C:\Poker\Poker 770\data\shared\dollarball
C:\Poker\Poker 770\data\shared\doublescreen
C:\Poker\Poker 770\data\shared\fonts
C:\Poker\Poker 770\data\shared\history
C:\Poker\Poker 770\data\shared\html
C:\Poker\Poker 770\data\shared\interface
C:\Poker\Poker 770\data\shared\options
C:\Poker\Poker 770\data\shared\slots
C:\Poker\Poker 770\data\shared\sounds
C:\Poker\Poker 770\data\shared\tablegames
C:\Poker\Poker 770\data\shared\tablesigns
C:\Poker\Poker 770\data\shared\ui
C:\Poker\Poker 770\data\shared\videopoker_4line
C:\Poker\Poker 770\data\shared\videopoker_jacks
C:\Poker\Poker 770\data\shared\cards\poker
C:\Poker\Poker 770\data\shared\cards\textures
C:\Poker\Poker 770\data\shared\coins\tablecoins
C:\Poker\Poker 770\data\shared\dollarball\sounds
C:\Poker\Poker 770\data\shared\history\cards
C:\Poker\Poker 770\data\shared\html\chat
C:\Poker\Poker 770\data\shared\html\chat\emoticons
C:\Poker\Poker 770\data\shared\interface\chat
C:\Poker\Poker 770\data\shared\slots\lines
C:\Poker\Poker 770\data\shared\sounds\dealervoices
C:\Poker\Poker 770\data\shared\sounds\playersounds
C:\Poker\Poker 770\data\shared\sounds\dealervoices\numbers
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchgirl
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchman
C:\Poker\Poker 770\data\shared\sounds\playersounds\mafiaguy
C:\Poker\Poker 770\data\shared\sounds\playersounds\olderbusinesswoman
C:\Poker\Poker 770\data\shared\sounds\playersounds\oldtourist
C:\Poker\Poker 770\data\shared\sounds\playersounds\valleygirl
C:\Poker\Poker 770\data\shared\tablegames\gold_dark
C:\Poker\Poker 770\data\shared\videopoker_4line\buttons
C:\Poker\Poker 770\data\slots_bonusbears25line\sounds
C:\Poker\Poker 770\data\slots_cinerama5reel\bonus
C:\Poker\Poker 770\data\slots_cinerama5reel\bonus2
C:\Poker\Poker 770\data\slots_cinerama5reel\sounds
C:\Poker\Poker 770\data\slots_cinerama5reel\wintable
C:\Poker\Poker 770\data\slots_cinerama5reel\bonus\select
C:\Poker\Poker 770\data\slots_cinerama5reel\bonus2\select
C:\Poker\Poker 770\data\slots_desert20line\bonusgame
C:\Poker\Poker 770\data\slots_desert20line\sounds
C:\Poker\Poker 770\data\slots_desert20line\wintable
C:\Poker\Poker 770\data\slots_forestofwonders25line\bonus
C:\Poker\Poker 770\data\slots_forestofwonders25line\sounds
C:\Poker\Poker 770\data\slots_forestofwonders25line\wintable
C:\Poker\Poker 770\data\slots_gold8line\bonus
C:\Poker\Poker 770\data\slots_gold8line\fonts
C:\Poker\Poker 770\data\slots_gold8line\sounds
C:\Poker\Poker 770\data\slots_gold8line\wintable
C:\Poker\Poker 770\data\slots_gold8line\bonus\screen
C:\Poker\Poker 770\data\slots_lotto20line\animation
C:\Poker\Poker 770\data\slots_lotto20line\bonusgame
C:\Poker\Poker 770\data\slots_lotto20line\fonts
C:\Poker\Poker 770\data\slots_lotto20line\sounds
C:\Poker\Poker 770\data\slots_lotto20line\wintable
C:\Poker\Poker 770\data\slots_lovemore20line\dollarball
C:\Poker\Poker 770\data\slots_lovemore20line\sounds
C:\Poker\Poker 770\data\slots_lovemore20line\wintable
C:\Poker\Poker 770\data\slots_silentsamurai9line\bonus
C:\Poker\Poker 770\data\slots_silentsamurai9line\buttons
C:\Poker\Poker 770\data\slots_silentsamurai9line\doubleup
C:\Poker\Poker 770\data\slots_silentsamurai9line\info
C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds
C:\Poker\Poker 770\data\slots_silentsamurai9line\bonus\intro_txt
C:\Poker\Poker 770\data\slots_silentsamurai9line\bonus\ninjas
C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\bonus
C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\doubleup
C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\reelspins
C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\symbols
C:\Poker\Poker 770\data\slots_wildspirit20line\bonus
C:\Poker\Poker 770\data\slots_wildspirit20line\buttons
C:\Poker\Poker 770\data\slots_wildspirit20line\doubleup
C:\Poker\Poker 770\data\slots_wildspirit20line\info
C:\Poker\Poker 770\data\slots_wildspirit20line\sounds
C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\bonus
C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\doubleup
C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\reelspins
C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\symbols
C:\Poker\Poker 770\data\table\3d
C:\Poker\Poker 770\data\table\anim
C:\Poker\Poker 770\data\table\chat
C:\Poker\Poker 770\data\table\smallview
C:\Poker\Poker 770\data\table\topview
C:\Poker\Poker 770\data\table\chat\cards
C:\Poker\Poker 770\data\table\smallview\anim
C:\Poker\Poker 770\data\table\smallview\buttons
C:\Poker\Poker 770\data\table\smallview\chat
C:\Poker\Poker 770\data\table\smallview\coins
C:\Poker\Poker 770\data\table\smallview\chat\chat_bottom
C:\Poker\Poker 770\data\table\topview\anim
C:\Poker\Poker 770\data\table\topview\avatars
C:\Poker\Poker 770\data\table\topview\buttons
C:\Poker\Poker 770\data\table\topview\cards
C:\Poker\Poker 770\data\table\topview\chat
C:\Poker\Poker 770\data\table\topview\coins
C:\Poker\Poker 770\data\table\topview\dialogs
C:\Poker\Poker 770\data\table\topview\history
C:\Poker\Poker 770\data\table\topview\chat\chat_bottom
C:\Poker\Poker 770\data\table\topview\chat\chat_side
C:\Poker\Poker 770\data\videopoker_joker\animation
C:\Poker\Poker 770\History\PSR56758632
C:\Poker\Poker 770\History\PSR56758632\Table
C:\Poker\Poker 770\History\PSR56758632\Tournament
C:\Program Files\PartyGaming
C:\Program Files\PartyGaming\images
C:\Program Files\PartyGaming\Language
C:\Program Files\PartyGaming\PartyCasino
C:\Program Files\PartyGaming\PartyPoker
C:\Program Files\PartyGaming\tmpUpgrade
C:\Program Files\PartyGaming\Language\en_US
C:\Program Files\PartyGaming\Language\en_US\temp
C:\Program Files\PartyGaming\PartyCasino\language
C:\Program Files\PartyGaming\PartyCasino\Temp
C:\Program Files\PartyGaming\PartyCasino\language\en_US
C:\Program Files\PartyGaming\PartyCasino\language\en_US\articles
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\roulette
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\blackjack
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\multiplayerbj
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\blackjack\blackjack
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\multiplayerbj\multiplayerblackjack
C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\roulette\europeanroulette
C:\Program Files\PartyGaming\PartyPoker\HandHistory
C:\Program Files\PartyGaming\PartyPoker\Images
C:\Program Files\PartyGaming\PartyPoker\Language
C:\Program Files\PartyGaming\PartyPoker\NewSounds
C:\Program Files\PartyGaming\PartyPoker\tmpUpgrade
C:\Program Files\PartyGaming\PartyPoker\HandHistory\Slowsh
C:\Program Files\PartyGaming\PartyPoker\Images\NewGameTable
C:\Program Files\PartyGaming\PartyPoker\Language\en_US
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\temp
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images\NewGameTable
C:\Documents and Settings\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
C:\Documents and Settings\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
C:\WINDOWS\Prefetch\CASINO.EXE-241C1ABE.pf
C:\WINDOWS\Prefetch\CSTART.EXE-1EDA82DF.pf
C:\WINDOWS\Prefetch\EVEREST POKER.EXE-33F19199.pf
C:\WINDOWS\Prefetch\POKERTRACKER.EXE-018BB990.pf

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKLM\Software\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKLM\Software\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: 161m1jts.default
.
Prefs.js: Browser.Search.SelectedEngine: "Mozilla Add-ons"
Prefs.js: Browser.Startup.HomePage: "hxxp://www.google.ca/|http://www.rds.ca/|http://www.teamliquid.net/|http://www.gosugamers.net/starcraft/"
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-682003330-1580818891-839522115-1003\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~13280 Bytes] - "C:\Ad-Report-Scan-20.9-.2-21.log"
-

End at: 17:29:25 | 2009-02-21
.
+-----------------| E.O.F - 269 Lines
.

donc si je comprend bien je déinstalle tout?

he bien c'est fait! je vais réinstaller seulement ceux sur lesquels je joue quand je vais jouer! Merci pour tout Destrio5 je n'ai plus de pop up sans cesse et mon ordi semble être plus rapide merci beaucoup beaucoup

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 18:08:38 | Sat 2009-02-21 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (Version 5.1.2600)
Computer Name: COMPANY-253E74B
Current User: Nicolas - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)
- F:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 53

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+-----------------| Eorezo Elements Deleted :

.

+-----------------| Infected Poker Softwares Elements Deleted :

HKCU\Software\Grand Virtual
HKCU\Software\PartyGaming
HKCU\Software\Poker 770
HKCU\Software\Titan Poker
HKLM\Software\Poker 770
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
.
C:\log_lobby_dumper.txt
C:\log_lobby.txt
C:\Program Files\PartyGaming
C:\Documents and Settings\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
C:\WINDOWS\Prefetch\CASINO.EXE-241C1ABE.pf
C:\WINDOWS\Prefetch\CSTART.EXE-1EDA82DF.pf
C:\WINDOWS\Prefetch\EVEREST POKER.EXE-33F19199.pf
C:\WINDOWS\Prefetch\POKERTRACKER.EXE-018BB990.pf

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+-----------------| It's TV Elements Deleted :

.

+-----------------| Sweetim Elements Deleted :

HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: 161m1jts.default
.
Prefs.js: Browser.Search.SelectedEngine: "Mozilla Add-ons"
Prefs.js: Browser.Startup.HomePage: "hxxp://www.google.ca/|http://www.rds.ca/|http://www.teamliquid.net/|http://www.gosugamers.net/starcraft/"
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-682003330-1580818891-839522115-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~3952 Bytes] - "C:\Ad-Report-Clean-20.9-.2-21.log"
[~13414 Bytes] - "C:\Ad-Report-Scan-20.9-.2-21.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\20.9-.2-21 - Prefs.js

End at: 18:15:58 | 2009-02-21
.
+-----------------| E.O.F - 91 Lines
.

Avira AntiVir Personal
Report file date: Saturday, February 21, 2009 19:09

Scanning for 1258799 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: COMPANY-253E74B

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 22:16:05
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2009-02-20 22:16:06
ANTIVIR3.VDF : 7.1.2.59 9728 Bytes 2009-02-21 22:16:06
Engineversion : 8.2.0.87
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-02-21 22:16:18
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 2009-02-21 22:16:17
AESCN.DLL : 8.1.1.7 127347 Bytes 2009-02-21 22:16:16
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 19:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 2009-02-21 22:16:15
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2009-02-21 22:16:13
AEHEUR.DLL : 8.1.0.97 1610103 Bytes 2009-02-21 22:16:12
AEHELP.DLL : 8.1.2.0 119159 Bytes 2009-02-21 22:16:10
AEGEN.DLL : 8.1.1.20 336245 Bytes 2009-02-21 22:16:09
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 16:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-21 22:16:07
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, February 21, 2009 19:09

Starting search for hidden objects.
'63403' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'NkMonitor.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'PStrip.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'pg_ctl.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD1 [NTSC-US] [SLUS-01251].rar
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD1 [NTSC-US] [SLUS-01251].rar
Error description:ACCESS_VIOLATION
EAX = 07580568 EBX = 023BCA90
ECX = 075804B4 EDX = 000001D2
ESI = 0613E6DF EDI = 023bca8c
EIP = 01361523 EBP = 06960030
ESP = 018EEF34 Flg = 00010287
CS = 00000023 SS = 0000001B
C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD2 [NTSC-US] [SLUS-01295].rar
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD2 [NTSC-US] [SLUS-01295].rar
Error description:ACCESS_VIOLATION
EAX = 09AF0568 EBX = 024E7AA8
ECX = 09AF04B4 EDX = 000001D2
ESI = 086AE6DF EDI = 024e7aa4
EIP = 01361523 EBP = 08ED0030
ESP = 018EEF34 Flg = 00010287
CS = 00000023 SS = 0000001B
C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD3 [NTSC-US] [SLUS-01296].rar
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD3 [NTSC-US] [SLUS-01296].rar
Error description:ACCESS_VIOLATION
EAX = 0C060568 EBX = 02551A90
ECX = 0C0604B4 EDX = 000001D2
ESI = 0AC1E6DF EDI = 02551a8c
EIP = 01361523 EBP = 0B440030
ESP = 018EEF34 Flg = 00010287
CS = 00000023 SS = 0000001B
C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD4 [NTSC-US] [SLUS-01297].rar
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD4 [NTSC-US] [SLUS-01297].rar
Error description:ACCESS_VIOLATION
EAX = 0E5D0568 EBX = 025CCA78
ECX = 0E5D04B4 EDX = 000001D2
ESI = 0D18E6DF EDI = 025cca74
EIP = 01361523 EBP = 0D9B0030
ESP = 018EEF34 Flg = 00010283
CS = 00000023 SS = 0000001B
C:\Downloads\Lunar.Silver.Star.Story.1999-PSX\CD1\lunar-a.r18
[0] Archive type: RAR
--> LUNAR_THE_SILVER_STAR_STORY_1.cue
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Downloads\Lunar.Silver.Star.Story.1999-PSX\CD2\lunar-b.r23
[0] Archive type: RAR
--> LUNAR_THE_SILVER_STAR_STORY_2.cue
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\World of Warcraft\OMG-WoW Launcher.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.aeh.17 back-door program
[NOTE] The file was moved to '49e7b3b4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir
[DETECTION] Is the TR/Dldr.FakeAler.IM Trojan
[NOTE] The file was moved to '49d8b3b1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\aeyskc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b3dd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\aiescj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a05b3e1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\aiivca.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a09b3e2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\alqkvz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b3e5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\aryaao.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b3eb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\awttSMFV.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b3f1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtusrQj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498bff82.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtuTnnK.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b3f2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\axzsav.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a1ab3f3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\brafye.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a01b3ed.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\btjvpo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0ab3ef.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\btwmhv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a17b3f0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXNhhEw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f8b3f5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXoPigG.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a67ff86.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXPGXPH.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f8b3f6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXPHaXq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a67ff87.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXRlljk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f8b3f7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXNHBrQ.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f8b3e0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXOIbcd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f8b3e1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXRJBrr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a67ff92.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXRJDUl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f8b3e3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\csxpww.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a18b3f3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcAssrr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3e4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcaXrSl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499cff95.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDuSmJ.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3e5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcYsPfg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499cff96.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgfnil.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a06b3e8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dvlyve.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0cb3f8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\eclkyp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0cb3e5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcARhgF.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3e8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcARHwX.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3e9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcATJDU.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499cff9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcYPfFV.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3eb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcYQKCV.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3ea.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ekcijm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3ef.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\emorop.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0fb3f1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\eswwup.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a17b3f7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\evymdv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b3fb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\exdiuk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a04b3fd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fbncja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb3e7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fcccbaxY.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499cff9c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccccBSm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3ed.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccdbbBQ.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499cff9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccYonKa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3ec.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fdpgjt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a10b3eb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fidamufa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a04b3f0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ftwczm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a17b3fc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fvtkos.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b3fe.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fzmucx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0db403.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\geBrsRIY.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49e2b3ee.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gmhjkp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a08b3f6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gosmnz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a13b3f8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gutsin.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b3ff.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hdcoyy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3ee.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGaywTm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49e7b3f1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGvwXPf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49e7b3f2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGwUooN.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a78ff83.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGXOiiJ.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49e7b3f3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGxXqOF.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a78ff84.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGyxVpq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49e7b3f5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iifedcDv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a06b3f6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iifefEVN.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4999ff87.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iifeFXQi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a06b3f7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iifFYQjI.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4999ff88.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\inaxcr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a01b3fc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iqywbc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b400.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jhumoa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a15b3f7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkHBTKA.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0bb3fa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkHXPiI.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0bb3fb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkKbYpQ.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4994ff8c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkKddET.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0bb3fc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkLDTkh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4994ff8d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jtpqwn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a10b405.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kfcblr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b3f8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfDwxuv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a06b3fa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kjhplr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a08b3fd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kygtff.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a07b40c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYOFWn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab3fd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYQKda.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab3fe.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYSjIc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a75ff8f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYSlkI.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab3e0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsmtzm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0db408.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lyozkg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0fb40e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJaaAqP.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab401.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJBQJbX.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab402.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJBULff.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a75f873.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJcYpNd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab404.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJYpNff.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49eab403.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mmxaqn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a18b404.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mwjycx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0ab40e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\naopse.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0fb3f9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ncgrnt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a07b3fb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ncvlsq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a16b3fc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nmzgrw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a1ab406.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnMCuRk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb407.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nsnusz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb40d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nttzhr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b40e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\odjowb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0ab3ff.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnlKCTL.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb40b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnlMeDu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4991f87c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnlMgfF.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb40c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnnnKBt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4991f87d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnnOEVO.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb40e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnOFVNh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4991f87e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\oydyim.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a04b416.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\plqzwj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b409.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnlkJCV.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb40f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnnKeCV.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4991f860.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnnLeee.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4991f87f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnnlkHw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb4f0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMcaWOI.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49edb40e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMcDtrS.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49edb40f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMeDSkH.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a72f860.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMgGyWp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49edb410.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qqmhdg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0db412.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rdisfd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a09b405.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rgjhrj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0ab409.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rgwkov.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a17b409.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rmgscd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a07b40f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rnahic.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a01b411.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRHwTnn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f2b414.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRIbXOg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a6df865.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRjgfgD.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f2b415.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRLfeCT.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f2b416.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rzdgpe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a04b41f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sbhprn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a08b408.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekacbjtpete.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a0eb411.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekadbxqxowb.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4991f862.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekagqfwxmpo.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
[NOTE] The file was moved to '4991f881.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\spuuvx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a15b417.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sqctnu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b419.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqOFWmj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b41b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqOIcay.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b41c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqPfDus.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498ef86d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqpQKda.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b41e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqQkKcd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b41d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tfbhrr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a02b410.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tfgudb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a07b410.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tiqyge.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b414.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\trfagm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a06b41e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvUOgDW.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a16b422.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvVPjHy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4989f853.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvvvWMf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a16b423.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvWnMfC.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a16b424.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvWoljk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4989f855.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvWopmk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a16b425.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvwuUnl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4989f856.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tyilkr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a09b42a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ugcrha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a03b418.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\unznjx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a1ab41f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\urhjeb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a08b423.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqOEwWN.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b424.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqOGXRI.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498ef855.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqQgeba.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b425.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqQjghE.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498ef856.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqRKDsp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b426.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\uwthps.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b42b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUkiGAq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f5b428.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUnmJYO.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f5b429.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUooLcd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a6af85a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vzlwnn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0cb42f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUligde.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f5b42c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUommNH.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a6af85d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUoNhFu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f5b42e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUoOGxY.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f5b42d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUoOIXP.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a6af85e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxxzlj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a18b430.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xetwbi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a14b41d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xfnkdw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0eb41e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xoqwqe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a11b427.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxywUOig.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b431.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyyvWQG.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4986f842.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayvVOeF.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b41a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaywTnLE.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b41b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaywtQKB.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b41c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayyAsRh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4986f86d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayyWnnk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a19b41e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycdhnx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499bf850.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ychdwj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a08b41f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ywowln.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a0fb433.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zspiwj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a10b430.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekalnqviqgd.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '4a0eb422.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084109.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '49d0b57b.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084110.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a4d884c.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084111.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49d0b57c.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084112.dll
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
[NOTE] The file was moved to '4a4d884d.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084136.exe
[DETECTION] Is the TR/Dldr.FakeAler.IM Trojan
[NOTE] The file was moved to '49d0b57d.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084137.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d884e.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084138.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b57e.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084139.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d884f.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084140.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b560.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084141.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8851.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084142.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b57f.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084143.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b0.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084144.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b580.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084145.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b1.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084146.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b582.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084147.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b581.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084148.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b2.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084149.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b583.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084150.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b3.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084151.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b584.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084152.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b4.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084153.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b585.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084154.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b6.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084155.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b587.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084156.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b5.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084157.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b586.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084158.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b7.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084159.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b8.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084160.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b589.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084161.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88ba.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084162.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b588.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084163.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88b9.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084164.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b58a.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084165.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88bb.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084166.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b58b.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084167.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88bc.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084168.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b58c.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084169.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88bd.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084170.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b58e.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084171.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88bf.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084172.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b58d.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084173.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88be.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084174.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5f0.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084175.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88c1.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084176.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5f2.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084177.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b58f.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084178.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a0.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084179.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b591.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084180.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a2.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084181.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88c3.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084182.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5f4.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084183.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88c5.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084184.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b593.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084185.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a4.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084186.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b595.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084187.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5f6.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084188.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88c7.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084189.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5f8.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084190.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a6.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084191.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b597.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084192.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a8.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084193.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b599.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084194.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b590.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084195.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a1.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084196.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b592.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084197.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88aa.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084198.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b59b.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084199.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88ac.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084200.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b59d.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084201.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a3.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084202.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b594.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084203.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a5.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084204.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88ae.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084205.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b59f.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084206.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8890.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084207.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b596.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084208.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a7.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084209.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b598.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084210.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88a9.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084211.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a1.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084212.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8892.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084213.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b59a.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084214.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88ab.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084215.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b59c.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084216.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a3.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084217.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8894.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084218.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a5.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084219.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88ad.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084220.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b59e.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084221.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88af.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084222.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88c9.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084223.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8896.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084224.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a7.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084225.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8898.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084226.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5fa.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084227.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88cb.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084228.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5fc.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084229.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a9.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084230.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88cd.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084231.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5fe.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084232.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d889a.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084233.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5ab.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084234.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88cf.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084235.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5e0.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084236.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d88d1.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084237.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d889c.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084238.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5ad.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084239.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a0.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084240.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8891.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084241.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d889e.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084242.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5af.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084243.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8880.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084244.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5b1.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084245.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a2.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084247.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8893.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084248.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a4.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084249.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8895.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084250.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8882.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084251.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5b3.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084252.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8884.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084253.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a6.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084254.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8897.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084255.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5a8.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084256.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8899.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084257.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5b5.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084258.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8886.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084259.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5b7.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084260.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d8888.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084261.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5aa.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084262.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d889b.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084263.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5ac.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084264.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5b9.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084265.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d888a.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084266.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49d0b5bb.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084267.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d888c.qua'!
C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084268.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a4d889d.qua'!
C:\System Volume Inf

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nicolas at 2009-02-22 11:02:11
Microsoft Windows XP Professional Service Pack 2
System drive C: has 56 GB (18%) free of 305 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:15, on 2009-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Updater.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PPLiveVA\PPLiveVA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
C:\Program Files\trend micro\Nicolas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/J [...] 586-jc.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\fidamufa.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11821 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
"SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
"Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
"PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\fidamufa.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fidamufa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
"C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:EnabledctoshapeClient"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:EnabledNA"
"C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
"C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
"C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabledaum ?????"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabledaum ?????"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:EnabledPLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:EnabledPLiveVA"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 3 months======

2009-02-21 21:34:25 ----D---- C:\ComboFix
2009-02-21 21:33:56 ----D---- C:\32788R22FWJFW
2009-02-21 19:03:22 ----SHD---- C:\Config.Msi
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\java.exe
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-21 17:24:52 ----D---- C:\Program Files\Ad-remover
2009-02-21 17:14:31 ----D---- C:\Program Files\Avira
2009-02-21 17:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-02-21 16:58:23 ----SHD---- C:\RECYCLER
2009-02-21 14:48:59 ----D---- C:\WINDOWS\temp
2009-02-21 14:48:55 ----A---- C:\ComboFix.txt
2009-02-20 15:52:51 ----A---- C:\Boot.bak
2009-02-20 15:52:36 ----RASHD---- C:\cmdcons
2009-02-20 15:50:33 ----D---- C:\WINDOWS\ERDNT
2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
2009-02-20 14:49:38 ----D---- C:\rsit
2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-07 19:27:34 ----A---- C:\rapport.txt
2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
2009-02-05 22:28:28 ----A---- C:\WINDOWS\system32\ati2sgag.exe
2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
2009-01-18 18:23:49 ----D---- C:\Poker
2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 15:43:59 ----D---- C:\PPVADownloads
2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info

======List of files/folders modified in the last 3 months======

2009-02-22 11:02:15 ----D---- C:\WINDOWS\Prefetch
2009-02-22 11:01:16 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
2009-02-22 10:59:43 ----D---- C:\Program Files\Mozilla Firefox
2009-02-22 10:58:55 ----SD---- C:\WINDOWS\Tasks
2009-02-22 10:57:58 ----D---- C:\Program Files\Steam
2009-02-22 10:57:01 ----D---- C:\Program Files\DNA
2009-02-22 10:57:01 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
2009-02-22 08:35:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 02:24:30 ----D---- C:\WINDOWS\system32\config
2009-02-21 23:30:29 ----D---- C:\Downloads
2009-02-21 23:17:30 ----RD---- C:\Program Files
2009-02-21 21:35:50 ----SHD---- C:\System Volume Information
2009-02-21 21:35:50 ----D---- C:\WINDOWS\system32\Restore
2009-02-21 21:34:49 ----D---- C:\WINDOWS
2009-02-21 21:34:42 ----D---- C:\WINDOWS\system32
2009-02-21 21:07:35 ----D---- C:\Program Files\World of Warcraft
2009-02-21 19:05:06 ----SHD---- C:\WINDOWS\Installer
2009-02-21 19:04:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-21 19:04:19 ----D---- C:\Program Files\Common Files\Adobe
2009-02-21 19:04:19 ----D---- C:\Program Files\Adobe
2009-02-21 19:01:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-21 19:01:17 ----D---- C:\Program Files\Java
2009-02-21 18:59:48 ----D---- C:\Program Files\Common Files
2009-02-21 17:58:27 ----D---- C:\Program Files\Yahoo!
2009-02-21 17:55:20 ----D---- C:\Program Files\UltimateBet
2009-02-21 17:55:04 ----D---- C:\Program Files\The Tournament Director 2
2009-02-21 17:50:50 ----D---- C:\Program Files\Gnuf
2009-02-21 17:48:26 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-21 17:48:25 ----D---- C:\Program Files\Full Tilt Poker
2009-02-21 17:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-21 17:14:35 ----D---- C:\WINDOWS\system32\drivers
2009-02-21 14:34:38 ----A---- C:\WINDOWS\system.ini
2009-02-21 14:25:09 ----D---- C:\WINDOWS\AppPatch
2009-02-21 12:39:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-21 11:50:09 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
2009-02-20 17:25:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-20 15:52:51 ----RASH---- C:\boot.ini
2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
2009-02-19 21:24:32 ----D---- C:\Documents and Settings
2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-01-13 22:45:52 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-01-13 22:44:05 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-01-13 22:37:45 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-01-13 22:37:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-05 13:18:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-05 02:13:24 ----A---- C:\WINDOWS\BnetLog.txt
2009-01-01 10:25:47 ----D---- C:\Program Files\DivX
2008-12-30 17:09:53 ----D---- C:\WINDOWS\Minidump
2008-12-19 03:00:43 ----D---- C:\WINDOWS\ie7updates
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:02:53 ----D---- C:\Program Files\Internet Explorer
2008-11-29 14:52:21 ----D---- C:\Program Files\MSN Games
2008-11-29 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-14 27992]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-25 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-27 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-19 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 59264]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-02-18 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 ai4pagom;ai4pagom; C:\WINDOWS\system32\drivers\ai4pagom.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 ayuj6rcd;ayuj6rcd; C:\WINDOWS\system32\drivers\ayuj6rcd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-04-11 20496]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-21 152984]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------



En passant, mon ordi fait des bruits quand je démarre l'ordinateur (bip bip bip) et puis quand tu as 411 infections avec avira, cela fait une grande symphonie, est-il possible de baissé le volume ou tout simplement d'arrêter le son qui fait bip bip au démmarage?? et mon autre question, est-ce que je supprime tous les fichiers en quarantaines?

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nicolas at 2009-02-22 12:30:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 56 GB (18%) free of 305 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:47, on 2009-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Updater.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PPLiveVA\PPLiveVA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
C:\Program Files\trend micro\Nicolas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/J [...] 586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11549 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
"SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
"Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
"PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fidamufa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
"C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:EnabledctoshapeClient"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:EnabledNA"
"C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
"C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
"C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabledaum ?????"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabledaum ?????"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:EnabledPLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:EnabledPLiveVA"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 3 months======

2009-02-21 21:34:25 ----D---- C:\ComboFix
2009-02-21 21:33:56 ----D---- C:\32788R22FWJFW
2009-02-21 19:03:22 ----SHD---- C:\Config.Msi
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\java.exe
2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-21 17:24:52 ----D---- C:\Program Files\Ad-remover
2009-02-21 17:14:31 ----D---- C:\Program Files\Avira
2009-02-21 17:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-02-21 16:58:23 ----SHD---- C:\RECYCLER
2009-02-21 14:48:59 ----D---- C:\WINDOWS\temp
2009-02-21 14:48:55 ----A---- C:\ComboFix.txt
2009-02-20 15:52:51 ----A---- C:\Boot.bak
2009-02-20 15:52:36 ----RASHD---- C:\cmdcons
2009-02-20 15:50:33 ----D---- C:\WINDOWS\ERDNT
2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
2009-02-20 14:49:38 ----D---- C:\rsit
2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-07 19:27:34 ----A---- C:\rapport.txt
2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
2009-02-05 22:28:28 ----A---- C:\WINDOWS\system32\ati2sgag.exe
2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
2009-01-18 18:23:49 ----D---- C:\Poker
2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 15:43:59 ----D---- C:\PPVADownloads
2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info

======List of files/folders modified in the last 3 months======

2009-02-22 12:29:36 ----D---- C:\Program Files\Mozilla Firefox
2009-02-22 12:29:07 ----D---- C:\WINDOWS\Prefetch
2009-02-22 12:27:11 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
2009-02-22 12:25:04 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-22 11:01:16 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
2009-02-22 10:58:55 ----SD---- C:\WINDOWS\Tasks
2009-02-22 10:57:58 ----D---- C:\Program Files\Steam
2009-02-22 10:57:01 ----D---- C:\Program Files\DNA
2009-02-22 08:35:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 02:24:30 ----D---- C:\WINDOWS\system32\config
2009-02-21 23:30:29 ----D---- C:\Downloads
2009-02-21 23:17:30 ----RD---- C:\Program Files
2009-02-21 21:35:50 ----SHD---- C:\System Volume Information
2009-02-21 21:35:50 ----D---- C:\WINDOWS\system32\Restore
2009-02-21 21:34:49 ----D---- C:\WINDOWS
2009-02-21 21:34:42 ----D---- C:\WINDOWS\system32
2009-02-21 21:07:35 ----D---- C:\Program Files\World of Warcraft
2009-02-21 19:05:06 ----SHD---- C:\WINDOWS\Installer
2009-02-21 19:04:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-21 19:04:19 ----D---- C:\Program Files\Common Files\Adobe
2009-02-21 19:04:19 ----D---- C:\Program Files\Adobe
2009-02-21 19:01:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-21 19:01:17 ----D---- C:\Program Files\Java
2009-02-21 18:59:48 ----D---- C:\Program Files\Common Files
2009-02-21 17:58:27 ----D---- C:\Program Files\Yahoo!
2009-02-21 17:55:20 ----D---- C:\Program Files\UltimateBet
2009-02-21 17:55:04 ----D---- C:\Program Files\The Tournament Director 2
2009-02-21 17:50:50 ----D---- C:\Program Files\Gnuf
2009-02-21 17:48:26 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-21 17:48:25 ----D---- C:\Program Files\Full Tilt Poker
2009-02-21 17:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-21 17:14:35 ----D---- C:\WINDOWS\system32\drivers
2009-02-21 14:34:38 ----A---- C:\WINDOWS\system.ini
2009-02-21 14:25:09 ----D---- C:\WINDOWS\AppPatch
2009-02-21 11:50:09 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
2009-02-20 17:25:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-20 15:52:51 ----RASH---- C:\boot.ini
2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
2009-02-19 21:24:32 ----D---- C:\Documents and Settings
2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-01-13 22:45:52 ----A---- C:\WINDOWS\sys