Ultra pop-up virus

Tags:
  • Windows
  • Security
20 February 2009 20:48:08

Hello everyone, I have a major pop-up problem: about every 30-60 seconds, anywhere from one to 30 pop-ups open at the same time, which is rather annoying. I would like to know what to do. (Just while writing this message I got nearly 5 pop-ups!!!!)


20 February 2009 20:52:03

I got a little ahead of the procedure and ran the RSIT.exe program.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Nicolas at 2009-02-20 14:49:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 40 GB (13%) free of 305 GB
Total RAM: 2047 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:45, on 2009-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PPLiveVA\PPLiveVA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
C:\Program Files\trend micro\Nicolas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 65.98.84.21 tv.gomtv.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {294bd579-b318-4cbb-8bbd-59a022d3d7f7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtsPjjG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {f5134c9c-1825-b60b-b1e4-35dea5811b8c} - {c8b1185a-ed53-4e1b-b06b-5281c9c4315f} - C:\WINDOWS\system32\sqctnu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3803] cmd.exe /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1357] command.com /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6215] cmd.exe /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3710] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5438] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA624] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3425] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3425] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3852] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC403] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA990] command.com /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Program Files\Gnuf\Casino\casinogame.exe
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Program Files\Gnuf\Poker\MPPoker.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlayer/launcher/PotPlayerL...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: xkrnla.dll vcvuwf.dll rstifc.dll ezzgwc.dll umffgc.dll klkivk.dll rlmfsk.dll zgtwwd.dll axqakq.dll gpcpmv.dll xothzo.dll twjwqd.dll bkwuny.dll nqqxzb.dll ufiaaj.dll ddzmgg.dll hkkkpl.dll afdexe.dll ywtryp.dll qkikcu.dll ggopnj.dll jblujo.dll pbyjlt.dll dxmdfk.dll jryxdk.dll eheiif.dll impsdf.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: awtsPjjG - C:\WINDOWS\SYSTEM32\awtsPjjG.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 15463 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{294bd579-b318-4cbb-8bbd-59a022d3d7f7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\awtsPjjG.dll [2009-02-12 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8b1185a-ed53-4e1b-b06b-5281c9c4315f}]
C:\WINDOWS\system32\sqctnu.dll [2009-02-18 129024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC3803"=cmd.exe /c del C:\Program Files\Everest Poker\gvcrt.dll []
"SpybotDeletingA1357"=command.com /c del C:\Program Files\Everest Poker\gvmain.exe []
"SpybotDeletingC6215"=cmd.exe /c del C:\Program Files\Everest Poker\gvmain.exe []
"SpybotDeletingA3710"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt []
"SpybotDeletingC5438"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt []
"SpybotDeletingA624"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art []
"SpybotDeletingC3425"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art []
"SpybotDeletingA3425"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingA3852"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingC403"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingA990"=command.com /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
"SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
"SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
"SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
"SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
"SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
"Utopia Angel"=C:\Utopia\Angel\Angel.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
"Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
"PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-11 2356088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
"SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="xkrnla.dll vcvuwf.dll rstifc.dll ezzgwc.dll umffgc.dll klkivk.dll rlmfsk.dll zgtwwd.dll axqakq.dll gpcpmv.dll xothzo.dll twjwqd.dll bkwuny.dll nqqxzb.dll ufiaaj.dll ddzmgg.dll hkkkpl.dll afdexe.dll ywtryp.dll qkikcu.dll ggopnj.dll jblujo.dll pbyjlt.dll dxmdfk.dll jryxdk.dll eheiif.dll impsdf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsPjjG]
C:\WINDOWS\system32\awtsPjjG.dll [2009-02-12 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\awtsPjjG.dll [2009-02-12 35328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmnnKa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv16A.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv16A.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsa172.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsa172.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsw1BE.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsw1BE.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nssA.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nssA.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv27.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsv27.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nsu10.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nsu10.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicolas\Local Settings\Temp\nss1CC.tmp\utorrent.exe"="C:\Documents and Settings\Nicolas\Local Settings\Temp\nss1CC.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:Enabled:o ctoshapeClient"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\steamapps\charcute\condition zero deleted scenes\hl.exe"="C:\Program Files\Steam\steamapps\charcute\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Administrator\Desktop\uTorrent.exe"="C:\Documents and Settings\Administrator\Desktop\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
"C:\Documents and Settings\Nicolas\Desktop\age2\empires2.exe"="C:\Documents and Settings\Nicolas\Desktop\age2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Nicolas\Desktop\age2\age2_x1.exe"="C:\Documents and Settings\Nicolas\Desktop\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
"C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
"C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabled:D aum ?????"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:D aum ?????"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:p PSÍøÂçµçÊÓ"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:p PS ÍøÂç¼ÓËÙÆ÷"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:p PLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:p PLiveVA"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 3 months======

2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
2009-02-20 14:49:38 ----D---- C:\rsit
2009-02-20 14:09:09 ----A---- C:\WINDOWS\system32\odjowb.dll
2009-02-20 14:09:08 ----A---- C:\WINDOWS\system32\qoMcaWOI.dll
2009-02-20 13:08:53 ----A---- C:\WINDOWS\system32\xetwbi.dll
2009-02-20 13:08:52 ----A---- C:\WINDOWS\system32\rqRjgfgD.dll
2009-02-20 12:08:39 ----A---- C:\WINDOWS\system32\btjvpo.dll
2009-02-20 12:08:38 ----A---- C:\WINDOWS\system32\tuvWopmk.dll
2009-02-20 11:07:53 ----A---- C:\WINDOWS\system32\rgwkov.dll
2009-02-20 11:07:53 ----A---- C:\WINDOWS\system32\ddcDuSmJ.dll
2009-02-20 10:07:31 ----A---- C:\WINDOWS\system32\jkkHBTKA.dll
2009-02-20 10:07:31 ----A---- C:\WINDOWS\system32\brafye.dll
2009-02-19 22:36:14 ----A---- C:\WINDOWS\system32\ftwczm.dll
2009-02-19 22:36:13 ----A---- C:\WINDOWS\system32\yayyWnnk.dll
2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\Pncrt.dll
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
2009-02-19 21:35:58 ----A---- C:\WINDOWS\system32\csxpww.dll
2009-02-19 21:35:57 ----A---- C:\WINDOWS\system32\cbXOIbcd.dll
2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
2009-02-19 21:12:30 ----A---- C:\Documents and Settings\Nicolas\Application Data\inst.exe
2009-02-19 20:35:39 ----A---- C:\WINDOWS\system32\lsmtzm.dll
2009-02-19 20:35:38 ----A---- C:\WINDOWS\system32\wvUligde.dll
2009-02-19 19:35:24 ----A---- C:\WINDOWS\system32\kjhplr.dll
2009-02-19 19:35:23 ----A---- C:\WINDOWS\system32\awtusrQj.dll
2009-02-19 18:35:10 ----A---- C:\WINDOWS\system32\ekcijm.dll
2009-02-19 18:35:02 ----A---- C:\WINDOWS\system32\iifFYQjI.dll
2009-02-19 17:34:48 ----A---- C:\WINDOWS\system32\dgfnil.dll
2009-02-19 17:34:47 ----A---- C:\WINDOWS\system32\ssqPfDus.dll
2009-02-19 16:34:30 ----A---- C:\WINDOWS\system32\axzsav.dll
2009-02-19 16:34:29 ----A---- C:\WINDOWS\system32\ssqQkKcd.dll
2009-02-19 15:33:45 ----A---- C:\WINDOWS\system32\urqOEwWN.dll
2009-02-19 15:33:45 ----A---- C:\WINDOWS\system32\aryaao.dll
2009-02-19 14:33:31 ----A---- C:\WINDOWS\system32\rmgscd.dll
2009-02-19 14:33:26 ----A---- C:\WINDOWS\system32\fcccbaxY.dll
2009-02-19 13:33:11 ----A---- C:\WINDOWS\system32\ycdhnx.dll
2009-02-19 13:33:11 ----A---- C:\WINDOWS\system32\hgGvwXPf.dll
2009-02-19 12:32:56 ----A---- C:\WINDOWS\system32\rnahic.dll
2009-02-19 12:32:55 ----A---- C:\WINDOWS\system32\tuvWoljk.dll
2009-02-19 11:32:11 ----A---- C:\WINDOWS\system32\xfnkdw.dll
2009-02-19 11:32:10 ----A---- C:\WINDOWS\system32\cbXRJDUl.dll
2009-02-19 10:31:52 ----A---- C:\WINDOWS\system32\mwjycx.dll
2009-02-19 10:31:48 ----A---- C:\WINDOWS\system32\ljJYOFWn.dll
2009-02-18 20:50:16 ----A---- C:\WINDOWS\system32\sqctnu.dll
2009-02-18 20:50:15 ----A---- C:\WINDOWS\system32\urqQgeba.dll
2009-02-18 19:50:01 ----A---- C:\WINDOWS\system32\tfbhrr.dll
2009-02-18 19:50:00 ----A---- C:\WINDOWS\system32\efcARHwX.dll
2009-02-18 18:49:46 ----A---- C:\WINDOWS\system32\alqkvz.dll
2009-02-18 18:49:45 ----A---- C:\WINDOWS\system32\ssqOFWmj.dll
2009-02-18 17:49:01 ----A---- C:\WINDOWS\system32\sbhprn.dll
2009-02-18 17:49:01 ----A---- C:\WINDOWS\system32\mlJYpNff.dll
2009-02-18 16:48:17 ----A---- C:\WINDOWS\system32\gutsin.dll
2009-02-18 16:48:16 ----A---- C:\WINDOWS\system32\ssqOIcay.dll
2009-02-18 15:47:32 ----A---- C:\WINDOWS\system32\nttzhr.dll
2009-02-18 15:47:31 ----A---- C:\WINDOWS\system32\fccdbbBQ.dll
2009-02-18 14:46:47 ----A---- C:\WINDOWS\system32\ncgrnt.dll
2009-02-18 14:46:46 ----A---- C:\WINDOWS\system32\opnnnKBt.dll
2009-02-18 13:46:02 ----A---- C:\WINDOWS\system32\ywowln.dll
2009-02-18 13:46:01 ----A---- C:\WINDOWS\system32\rqRHwTnn.dll
2009-02-18 12:45:47 ----A---- C:\WINDOWS\system32\aeyskc.dll
2009-02-18 12:45:46 ----A---- C:\WINDOWS\system32\efcARhgF.dll
2009-02-18 11:20:35 ----A---- C:\WINDOWS\system32\yayvVOeF.dll
2009-02-18 11:20:35 ----A---- C:\WINDOWS\system32\hdcoyy.dll
2009-02-17 23:00:51 ----A---- C:\WINDOWS\system32\efcATJDU.dll
2009-02-17 23:00:51 ----A---- C:\WINDOWS\system32\aiescj.dll
2009-02-17 22:00:36 ----A---- C:\WINDOWS\system32\tuvWnMfC.dll
2009-02-17 22:00:36 ----A---- C:\WINDOWS\system32\tiqyge.dll
2009-02-17 21:00:22 ----A---- C:\WINDOWS\system32\dvlyve.dll
2009-02-17 21:00:21 ----A---- C:\WINDOWS\system32\wvUoOIXP.dll
2009-02-17 20:00:06 ----A---- C:\WINDOWS\system32\uwthps.dll
2009-02-17 20:00:06 ----A---- C:\WINDOWS\system32\iifefEVN.dll
2009-02-17 18:59:21 ----A---- C:\WINDOWS\system32\vtUnmJYO.dll
2009-02-17 18:59:21 ----A---- C:\WINDOWS\system32\plqzwj.dll
2009-02-17 17:58:37 ----A---- C:\WINDOWS\system32\fdpgjt.dll
2009-02-17 17:58:36 ----A---- C:\WINDOWS\system32\hgGaywTm.dll
2009-02-17 16:58:22 ----A---- C:\WINDOWS\system32\wxxzlj.dll
2009-02-17 16:58:21 ----A---- C:\WINDOWS\system32\byXoPigG.dll
2009-02-17 15:57:38 ----A---- C:\WINDOWS\system32\evymdv.dll
2009-02-17 15:57:37 ----A---- C:\WINDOWS\system32\rqRIbXOg.dll
2009-02-17 14:56:53 ----A---- C:\WINDOWS\system32\emorop.dll
2009-02-17 14:56:52 ----A---- C:\WINDOWS\system32\xxyyvWQG.dll
2009-02-17 13:56:38 ----A---- C:\WINDOWS\system32\impsdf.dll
2009-02-17 13:56:37 ----A---- C:\WINDOWS\system32\jkkHXPiI.dll
2009-02-17 12:56:23 ----A---- C:\WINDOWS\system32\eheiif.dll
2009-02-17 12:56:22 ----A---- C:\WINDOWS\system32\fccYonKa.dll
2009-02-17 11:56:04 ----A---- C:\WINDOWS\system32\rqRLfeCT.dll
2009-02-17 11:56:04 ----A---- C:\WINDOWS\system32\jryxdk.dll
2009-02-17 10:55:44 ----A---- C:\WINDOWS\system32\dxmdfk.dll
2009-02-17 10:55:43 ----A---- C:\WINDOWS\system32\yaywtQKB.dll
2009-02-17 09:55:29 ----A---- C:\WINDOWS\system32\pbyjlt.dll
2009-02-17 09:55:28 ----A---- C:\WINDOWS\system32\byXPHaXq.dll
2009-02-17 08:55:14 ----A---- C:\WINDOWS\system32\mlJBULff.dll
2009-02-17 08:55:14 ----A---- C:\WINDOWS\system32\jblujo.dll
2009-02-17 07:54:52 ----A---- C:\WINDOWS\system32\hgGxXqOF.dll
2009-02-17 07:54:52 ----A---- C:\WINDOWS\system32\fvtkos.dll
2009-02-16 23:03:52 ----A---- C:\WINDOWS\system32\trfagm.dll
2009-02-16 23:03:51 ----A---- C:\WINDOWS\system32\cbXRJBrr.dll
2009-02-16 22:03:07 ----A---- C:\WINDOWS\system32\ggopnj.dll
2009-02-16 22:03:06 ----A---- C:\WINDOWS\system32\wvUoNhFu.dll
2009-02-16 21:02:52 ----A---- C:\WINDOWS\system32\qkikcu.dll
2009-02-16 21:02:51 ----A---- C:\WINDOWS\system32\khfDwxuv.dll
2009-02-16 19:02:16 ----A---- C:\WINDOWS\system32\ywtryp.dll
2009-02-16 19:02:15 ----A---- C:\WINDOWS\system32\qoMeDSkH.dll
2009-02-16 18:02:01 ----A---- C:\WINDOWS\system32\afdexe.dll
2009-02-16 18:02:00 ----A---- C:\WINDOWS\system32\opnOFVNh.dll
2009-02-16 18:00:36 ----D---- C:\Program Files\Everest Poker
2009-02-16 17:01:45 ----A---- C:\WINDOWS\system32\hkkkpl.dll
2009-02-16 17:01:44 ----A---- C:\WINDOWS\system32\ddcYsPfg.dll
2009-02-16 16:00:59 ----A---- C:\WINDOWS\system32\urhjeb.dll
2009-02-16 16:00:58 ----A---- C:\WINDOWS\system32\jkkLDTkh.dll
2009-02-16 15:00:43 ----A---- C:\WINDOWS\system32\ddzmgg.dll
2009-02-16 15:00:43 ----A---- C:\WINDOWS\system32\cbXNHBrQ.dll
2009-02-16 14:00:29 ----A---- C:\WINDOWS\system32\ufiaaj.dll
2009-02-16 14:00:28 ----A---- C:\WINDOWS\system32\iifeFXQi.dll
2009-02-16 12:59:44 ----A---- C:\WINDOWS\system32\aiivca.dll
2009-02-16 12:59:43 ----A---- C:\WINDOWS\system32\jkkKddET.dll
2009-02-16 11:58:59 ----A---- C:\WINDOWS\system32\nqqxzb.dll
2009-02-16 11:58:59 ----A---- C:\WINDOWS\system32\awttSMFV.dll
2009-02-16 10:58:42 ----A---- C:\WINDOWS\system32\bkwuny.dll
2009-02-16 10:58:35 ----A---- C:\WINDOWS\system32\wvUoOGxY.dll
2009-02-16 00:27:41 ----A---- C:\WINDOWS\system32\vtUkiGAq.dll
2009-02-16 00:27:41 ----A---- C:\WINDOWS\system32\twjwqd.dll
2009-02-15 23:27:26 ----A---- C:\WINDOWS\system32\xothzo.dll
2009-02-15 23:27:26 ----A---- C:\WINDOWS\system32\opnlMgfF.dll
2009-02-15 22:27:11 ----A---- C:\WINDOWS\system32\gpcpmv.dll
2009-02-15 22:27:10 ----A---- C:\WINDOWS\system32\ddcaXrSl.dll
2009-02-15 21:26:56 ----A---- C:\WINDOWS\system32\axqakq.dll
2009-02-15 21:26:55 ----A---- C:\WINDOWS\system32\urqOGXRI.dll
2009-02-15 20:26:41 ----A---- C:\WINDOWS\system32\zgtwwd.dll
2009-02-15 20:26:41 ----A---- C:\WINDOWS\system32\iifedcDv.dll
2009-02-15 19:26:27 ----A---- C:\WINDOWS\system32\rlmfsk.dll
2009-02-15 19:26:26 ----A---- C:\WINDOWS\system32\pmnlkJCV.dll
2009-02-15 18:26:12 ----A---- C:\WINDOWS\system32\klkivk.dll
2009-02-15 18:26:12 ----A---- C:\WINDOWS\system32\ddcAssrr.dll
2009-02-15 17:25:28 ----A---- C:\WINDOWS\system32\umffgc.dll
2009-02-15 17:25:27 ----A---- C:\WINDOWS\system32\nnnMCuRk.dll
2009-02-15 16:25:13 ----A---- C:\WINDOWS\system32\ezzgwc.dll
2009-02-15 16:25:12 ----A---- C:\WINDOWS\system32\hgGyxVpq.dll
2009-02-15 15:24:28 ----A---- C:\WINDOWS\system32\tuvvvWMf.dll
2009-02-15 15:24:28 ----A---- C:\WINDOWS\system32\rstifc.dll
2009-02-15 14:24:14 ----A---- C:\WINDOWS\system32\vcvuwf.dll
2009-02-15 14:24:13 ----A---- C:\WINDOWS\system32\efcYQKCV.dll
2009-02-15 13:23:59 ----A---- C:\WINDOWS\system32\xkrnla.dll
2009-02-15 13:23:58 ----A---- C:\WINDOWS\system32\mlJBQJbX.dll
2009-02-15 12:23:44 ----A---- C:\WINDOWS\system32\tyilkr.dll
2009-02-15 12:23:43 ----A---- C:\WINDOWS\system32\fccccBSm.dll
2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
2009-02-14 21:46:31 ----A---- C:\WINDOWS\system32\kygtff.dll
2009-02-14 21:46:30 ----A---- C:\WINDOWS\system32\qoMgGyWp.dll
2009-02-14 20:46:16 ----A---- C:\WINDOWS\system32\tuvVPjHy.dll
2009-02-14 20:46:16 ----A---- C:\WINDOWS\system32\btwmhv.dll
2009-02-14 19:45:32 ----A---- C:\WINDOWS\system32\rgjhrj.dll
2009-02-14 19:45:31 ----A---- C:\WINDOWS\system32\hgGwUooN.dll
2009-02-14 18:45:17 ----A---- C:\WINDOWS\system32\fbncja.dll
2009-02-14 18:45:16 ----A---- C:\WINDOWS\system32\opnnOEVO.dll
2009-02-14 17:44:32 ----A---- C:\WINDOWS\system32\xxywUOig.dll
2009-02-14 17:44:32 ----A---- C:\WINDOWS\system32\naopse.dll
2009-02-14 16:44:18 ----A---- C:\WINDOWS\system32\zspiwj.dll
2009-02-14 16:44:17 ----A---- C:\WINDOWS\system32\ssqpQKda.dll
2009-02-14 15:44:03 ----A---- C:\WINDOWS\system32\gosmnz.dll
2009-02-14 15:44:02 ----A---- C:\WINDOWS\system32\ljJYSjIc.dll
2009-02-14 14:43:18 ----A---- C:\WINDOWS\system32\opnlMeDu.dll
2009-02-14 14:43:18 ----A---- C:\WINDOWS\system32\lyozkg.dll
2009-02-14 13:42:34 ----A---- C:\WINDOWS\system32\qqmhdg.dll
2009-02-14 13:42:33 ----A---- C:\WINDOWS\system32\jkkKbYpQ.dll
2009-02-14 12:41:49 ----A---- C:\WINDOWS\system32\vtUooLcd.dll
2009-02-14 12:41:49 ----A---- C:\WINDOWS\system32\jhumoa.dll
2009-02-14 11:29:46 ----A---- C:\WINDOWS\system32\ncvlsq.dll
2009-02-14 11:29:45 ----A---- C:\WINDOWS\system32\tuvwuUnl.dll
2009-02-14 06:23:01 ----A---- C:\WINDOWS\system32\unznjx.dll
2009-02-14 06:23:00 ----A---- C:\WINDOWS\system32\mlJaaAqP.dll
2009-02-14 05:22:46 ----A---- C:\WINDOWS\system32\jtpqwn.dll
2009-02-14 05:22:45 ----A---- C:\WINDOWS\system32\qoMcDtrS.dll
2009-02-14 04:22:31 ----A---- C:\WINDOWS\system32\nsnusz.dll
2009-02-14 04:22:30 ----A---- C:\WINDOWS\system32\ljJYQKda.dll
2009-02-14 03:22:16 ----A---- C:\WINDOWS\system32\eclkyp.dll
2009-02-14 03:22:15 ----A---- C:\WINDOWS\system32\byXRlljk.dll
2009-02-14 02:22:01 ----A---- C:\WINDOWS\system32\ychdwj.dll
2009-02-14 02:22:00 ----A---- C:\WINDOWS\system32\byXNhhEw.dll
2009-02-14 01:21:46 ----A---- C:\WINDOWS\system32\nmzgrw.dll
2009-02-14 01:21:45 ----A---- C:\WINDOWS\system32\pmnnKeCV.dll
2009-02-14 00:21:31 ----A---- C:\WINDOWS\system32\ugcrha.dll
2009-02-14 00:21:30 ----A---- C:\WINDOWS\system32\pmnnLeee.dll
2009-02-13 23:21:15 ----A---- C:\WINDOWS\system32\spuuvx.dll
2009-02-13 23:21:15 ----A---- C:\WINDOWS\system32\ljJYSlkI.dll
2009-02-13 22:21:01 ----A---- C:\WINDOWS\system32\mmxaqn.dll
2009-02-13 22:21:00 ----A---- C:\WINDOWS\system32\geBrsRIY.dll
2009-02-13 21:20:46 ----A---- C:\WINDOWS\system32\oydyim.dll
2009-02-13 21:20:45 ----A---- C:\WINDOWS\system32\awtuTnnK.dll
2009-02-13 20:20:31 ----A---- C:\WINDOWS\system32\fzmucx.dll
2009-02-13 20:20:30 ----A---- C:\WINDOWS\system32\byXPGXPH.dll
2009-02-13 19:20:17 ----A---- C:\WINDOWS\system32\exdiuk.dll
2009-02-13 19:20:16 ----A---- C:\WINDOWS\system32\urqQjghE.dll
2009-02-13 18:20:02 ----A---- C:\WINDOWS\system32\vzlwnn.dll
2009-02-13 18:20:01 ----A---- C:\WINDOWS\system32\efcYPfFV.dll
2009-02-13 17:19:47 ----A---- C:\WINDOWS\system32\eswwup.dll
2009-02-13 17:19:46 ----A---- C:\WINDOWS\system32\hgGXOiiJ.dll
2009-02-13 16:19:02 ----A---- C:\WINDOWS\system32\rzdgpe.dll
2009-02-13 16:19:01 ----A---- C:\WINDOWS\system32\opnlKCTL.dll
2009-02-13 15:18:46 ----A---- C:\WINDOWS\system32\urqRKDsp.dll
2009-02-13 15:18:46 ----A---- C:\WINDOWS\system32\iqywbc.dll
2009-02-13 13:56:50 ----A---- C:\WINDOWS\system32\tfgudb.dll
2009-02-13 13:56:49 ----A---- C:\WINDOWS\system32\wvUommNH.dll
2009-02-13 12:56:05 ----A---- C:\WINDOWS\system32\pmnnlkHw.dll
2009-02-13 12:56:05 ----A---- C:\WINDOWS\system32\gmhjkp.dll
2009-02-13 11:55:51 ----A---- C:\WINDOWS\system32\inaxcr.dll
2009-02-13 11:55:50 ----A---- C:\WINDOWS\system32\tuvUOgDW.dll
2009-02-13 10:55:31 ----A---- C:\WINDOWS\system32\kfcblr.dll
2009-02-13 10:55:29 ----A---- C:\WINDOWS\system32\yayyAsRh.dll
2009-02-12 23:03:27 ----A---- C:\WINDOWS\system32\rdisfd.dll
2009-02-12 23:03:27 ----A---- C:\WINDOWS\system32\mlJcYpNd.dll
2009-02-12 22:58:24 ----N---- C:\WINDOWS\system32\clickfile.exe
2009-02-12 22:58:24 ----A---- C:\WINDOWS\system32\awtsPjjG.dll
2009-02-10 14:00:47 ----D---- C:\Avenger
2009-02-10 14:00:46 ----A---- C:\avenger.txt
2009-02-10 08:46:32 ----A---- C:\WINDOWS\system32\998.exe
2009-02-09 13:27:51 ----A---- C:\WINDOWS\system32\winlogon2.exe
2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-07 19:27:34 ----A---- C:\rapport.txt
2009-02-07 19:13:47 ----A---- C:\WINDOWS\system32\9bcf1a77-.txt
2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
2009-02-05 22:28:28 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
2009-01-18 18:23:49 ----D---- C:\Poker
2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 15:43:59 ----D---- C:\PPVADownloads
2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
2009-01-10 20:11:26 ----A---- C:\log_lobby_dumper.txt
2009-01-10 20:11:26 ----A---- C:\log_lobby.txt
2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info
2008-11-21 16:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 16:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 16:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2009-02-20 14:49:39 ----RD---- C:\Program Files
2009-02-20 14:46:51 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
2009-02-20 14:39:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-20 14:30:38 ----A---- C:\log.txt
2009-02-20 14:12:07 ----D---- C:\WINDOWS\Temp
2009-02-20 14:09:09 ----D---- C:\WINDOWS\system32
2009-02-20 10:50:14 ----SD---- C:\WINDOWS\Tasks
2009-02-20 10:42:11 ----D---- C:\WINDOWS\Prefetch
2009-02-20 10:18:00 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
2009-02-20 10:17:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-20 10:17:08 ----D---- C:\Program Files\Steam
2009-02-20 10:16:20 ----D---- C:\Program Files\DNA
2009-02-20 10:03:04 ----D---- C:\WINDOWS
2009-02-19 23:34:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-19 23:27:38 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-19 21:52:20 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
2009-02-19 21:49:06 ----D---- C:\WINDOWS\system32\drivers
2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
2009-02-19 21:24:32 ----D---- C:\Documents and Settings
2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
2009-02-18 18:17:59 ----D---- C:\WINDOWS\system32\config
2009-02-17 11:49:13 ----D---- C:\Downloads
2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-14 21:55:31 ----SHD---- C:\WINDOWS\Installer
2009-02-14 16:20:00 ----D---- C:\Program Files\PartyGaming
2009-02-13 23:06:25 ----D---- C:\Program Files\Full Tilt Poker
2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-07 20:41:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-03 18:33:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files
2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-01-13 22:45:52 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-01-13 22:44:05 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-01-13 22:37:45 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-01-13 22:37:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-05 13:18:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-05 02:13:24 ----A---- C:\WINDOWS\BnetLog.txt
2009-01-01 10:25:47 ----D---- C:\Program Files\DivX
2008-12-30 17:09:53 ----D---- C:\WINDOWS\Minidump
2008-12-19 03:00:43 ----D---- C:\WINDOWS\ie7updates
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:02:53 ----D---- C:\Program Files\Internet Explorer
2008-12-03 10:28:07 ----D---- C:\Program Files\UltimateBet
2008-11-29 14:52:21 ----D---- C:\Program Files\MSN Games
2008-11-29 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-14 27992]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-25 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-27 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-19 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 59264]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-02-18 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 acphx37z;acphx37z; C:\WINDOWS\system32\drivers\acphx37z.sys []
S3 af8jnnhj;af8jnnhj; C:\WINDOWS\system32\drivers\af8jnnhj.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-04-11 20496]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


20 February 2009 20:53:24

info.txt logfile of random's system information tool 1.05 2009-02-20 14:49:53

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
500 From Special K Software-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\500 From Special K\ST6UNST.LOG"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere Pro Tryout-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x40c
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDPoker-->"C:\Poker\CDPoker\_SetupPoker.exe" /uninstall
Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Condition Zero Deleted Scenes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/100
Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
ConvertXtoDVD 3.0.0.1-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Daum 팟플레이어-->"C:\Program Files\DAUM\PotPlayer\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer-->MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
Empire Earth III-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0xc0c -removeonly
First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12872B4E-90F7-44E5-B1AA-D13AFEC8618B}\setup.exe" -l0x40c UNINSTALL
ForceBindIP-->C:\WINDOWS\system32\ForceBindIP-Uninstaller.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gnuf.com Casino-->C:\Program Files\Gnuf\Casino\uninst.exe
Gnuf.com Poker-->C:\Program Files\Gnuf\Poker\uninst.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu"
Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x40c
Heroes of Might and Magic® IV: Winds of War-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hollywood Poker Tournament Director's Poker Clock-->C:\Program Files\Hollywood Poker Tournament Director's Poker Clock\Hollywood Poker Tournament Director's Poker Clock.exe /UNINSTALL "C:\WINDOWS\system32\Hollywood Poker Tournament Director's Poker Clock.log"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICCup Launcher-->"C:\Documents and Settings\All Users\Desktop\Launcher\unins000.exe"
ImageMixer EasyStepDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C32B46-41C3-438F-94F6-55FE150D50D8}\setup.exe" -l0x40c UNINSTALL
iriver Music Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
iRiver Updater-->\uninst.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Communications Manager-->MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x040c -removeonly
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Oblivion mod manager 1.1.5-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
PicturePackages-->MsiExec.exe /X{E0A76F67-9136-4370-9413-891DBCF199CB}
Playchess-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}\setup.exe" -l0xc0c -removeonly
Poker 770-->"C:\Poker\Poker 770\_SetupCasino.exe" /uninstall
PokerRoomSchool-->"C:\Poker\PokerRoomSchool\_SetupPoker[1].exe" /uninstall
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerStove version 1.21-->"C:\Program Files\PokerStove\unins000.exe"
PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
PowerStrip 3 (remove only)-->C:\Program Files\PowerStrip\uninstal.exe
PPLive 1.9-->C:\Program Files\PPLive\uninst.exe
psqlODBC-->MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
Sea3D-->"C:\Program Files\Sea3D\uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x040c -removeonly
Sid Meier's Civilization 4 - Warlords-->C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x040c -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
Silkroad-->C:\Program Files\Silkroad\Remove.Exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony DVD Handycam USB Driver 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A360821C-6B51-4EE4-A7E5-5E14B15004CD}\Setup.exe" UNINSTALL
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe"
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Tournament Director 2-->C:\Program Files\The Tournament Director 2\Uninstall.exe
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
UltimateBet-->C:\Program Files\_uninstallation_info\UltimateBet\CasinoUninstall.exe
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB322BA7-761F-476F-ABA1-227331CDEF29}\setup.exe" -l0x9 -removeonly
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Victor Chandler-->"C:\Poker\Victor Chandler\_SetupCasino.exe" /uninstall
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAVI Video Capture 2.0-->"C:\Program Files\WinAVI Video Capture\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

65.98.84.21 tv.gomtv.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090219-0]

System event log

Computer Name: COMPANY-253E74B
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 19132
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: COMPANY-253E74B
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 19131
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User: COMPANY-253E74B\Nicolas

Computer Name: COMPANY-253E74B
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 19130
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 19129
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 19128
Source Name: Service Control Manager
Time Written: 20090129080119.000000-300
Event Type: information
User: COMPANY-253E74B\Nicolas

Application event log

Computer Name: COMPANY-253E74B
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 7581
Source Name: usnjsvc
Time Written: 20090110130026.000000-300
Event Type:
User:

Computer Name: COMPANY-253E74B
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 7580
Source Name: SecurityCenter
Time Written: 20090110115416.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 1
Message:
Record Number: 7579
Source Name: Bonjour Service
Time Written: 20090110115358.000000-300
Event Type: information
User:

Computer Name: COMPANY-253E74B
Event Code: 1517
Message: Windows saved user COMPANY-253E74B\Nicolas registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7578
Source Name: Userenv
Time Written: 20090110001713.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPANY-253E74B
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 7577
Source Name: Userenv
Time Written: 20090110001616.000000-300
Event Type: warning
User: COMPANY-253E74B\Nicolas

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
20 February 2009 21:36:33

Hi,

You have about a hundred Vundo/Virtumonde infections on your PC, hence the pop-ups.

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix

20 February 2009 22:58:42

    ComboFix 09-02-19.01 - Nicolas 2009-02-20 16:12:33.1 - NTFSx86
    Lancé depuis: c:\documents and settings\Nicolas\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090219-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\spuuvx.dll
    c:\windows\system32\sqctnu.dll
    c:\windows\system32\ssqOFWmj.dll
    c:\windows\system32\ssqOIcay.dll
    c:\windows\system32\ssqPfDus.dll
    c:\windows\system32\ssqpQKda.dll
    c:\windows\system32\ssqQkKcd.dll
    c:\windows\system32\tfbhrr.dll
    c:\windows\system32\tfgudb.dll
    c:\windows\system32\tiqyge.dll
    c:\windows\system32\tmp.reg
    c:\windows\system32\trfagm.dll
    c:\windows\system32\tuvUOgDW.dll
    c:\windows\system32\tuvVPjHy.dll
    c:\windows\system32\tuvvvWMf.dll
    c:\windows\system32\tuvWnMfC.dll
    c:\windows\system32\tuvWoljk.dll
    c:\windows\system32\tuvWopmk.dll
    c:\windows\system32\tuvwuUnl.dll
    c:\windows\system32\tyilkr.dll
    c:\windows\system32\ugcrha.dll
    c:\windows\system32\unznjx.dll
    c:\windows\system32\urhjeb.dll
    c:\windows\system32\urqOEwWN.dll
    c:\windows\system32\urqOGXRI.dll
    c:\windows\system32\urqQgeba.dll
    c:\windows\system32\urqQjghE.dll
    c:\windows\system32\urqRKDsp.dll
    c:\windows\system32\uwthps.dll
    c:\windows\system32\vtUkiGAq.dll
    c:\windows\system32\vtUnmJYO.dll
    c:\windows\system32\vtUooLcd.dll
    c:\windows\system32\vzlwnn.dll
    c:\windows\system32\winlogon2.exe
    c:\windows\system32\wvUligde.dll
    c:\windows\system32\wvUommNH.dll
    c:\windows\system32\wvUoNhFu.dll
    c:\windows\system32\wvUoOGxY.dll
    c:\windows\system32\wvUoOIXP.dll
    c:\windows\system32\wxxzlj.dll
    c:\windows\system32\xetwbi.dll
    c:\windows\system32\xfnkdw.dll
    c:\windows\system32\xoqwqe.dll
    c:\windows\system32\xxywUOig.dll
    c:\windows\system32\xxyyvWQG.dll
    c:\windows\system32\yayvVOeF.dll
    c:\windows\system32\yaywTnLE.dll
    c:\windows\system32\yaywtQKB.dll
    c:\windows\system32\yayyAsRh.dll
    c:\windows\system32\yayyWnnk.dll
    c:\windows\system32\ycdhnx.dll
    c:\windows\system32\ychdwj.dll
    c:\windows\system32\ywowln.dll
    c:\windows\system32\zspiwj.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-20 au 2009-02-20 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-20 16:46 . 2009-02-20 16:46 129,024 --a------ c:\windows\system32\hkpbgq.dll
    2009-02-20 16:46 . 2009-02-20 16:46 129,024 --a------ c:\windows\system32\efcDTJAP.dll
    2009-02-20 14:49 . 2009-02-20 14:49 <DIR> d-------- C:\rsit
    2009-02-20 14:49 . 2009-02-20 14:49 <DIR> d-------- c:\program files\trend micro
    2009-02-19 22:22 . 2009-02-19 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
    2009-02-19 21:48 . 2009-02-19 21:48 <DIR> d-------- c:\program files\VSO
    2009-02-19 21:48 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
    2009-02-19 21:48 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
    2009-02-19 21:48 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
    2009-02-19 21:48 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
    2009-02-19 21:48 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
    2009-02-19 21:48 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
    2009-02-19 21:48 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
    2009-02-19 21:24 . 2009-02-19 21:24 <DIR> d-------- c:\documents and settings\Xeph
    2009-02-19 21:12 . 2009-02-19 21:50 <DIR> d-------- c:\documents and settings\Nicolas\Application Data\Vso
    2009-02-19 21:12 . 2009-02-19 21:49 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
    2009-02-19 21:12 . 2009-02-19 21:49 47,360 --a------ c:\documents and settings\Nicolas\Application Data\pcouffin.sys
    2009-02-17 13:56 . 2009-02-17 13:56 129,024 --a------ c:\windows\system32\impsdf.dll
    2009-02-17 12:56 . 2009-02-17 12:56 129,024 --a------ c:\windows\system32\eheiif.dll
    2009-02-17 11:56 . 2009-02-17 11:56 129,024 --a------ c:\windows\system32\jryxdk.dll
    2009-02-17 10:55 . 2009-02-17 10:55 129,024 --a------ c:\windows\system32\dxmdfk.dll
    2009-02-17 10:31 . 2009-02-16 21:56 126,318 --a------ C:\0126 fnaticZ NaWdatP ESLTVT.rep
    2009-02-17 10:31 . 2009-02-16 22:20 107,538 --a------ C:\0128 fnaticZ NaWdatP ESLTVT.rep
    2009-02-17 10:31 . 2009-02-16 22:36 81,436 --a------ C:\0129 NaWdatP fnaticZ ESLTVZ.rep
    2009-02-17 10:31 . 2009-02-16 22:10 68,807 --a------ C:\0127 fnaticZ NaWdatP ESLTVP.rep
    2009-02-17 10:31 . 2009-02-16 21:36 63,818 --a------ C:\0125 NaWdatP fnaticZ ESLTVP.rep
    2009-02-17 09:55 . 2009-02-17 09:55 129,024 --a------ c:\windows\system32\pbyjlt.dll
    2009-02-17 08:55 . 2009-02-17 08:55 129,024 --a------ c:\windows\system32\jblujo.dll
    2009-02-16 22:03 . 2009-02-16 22:03 129,024 --a------ c:\windows\system32\ggopnj.dll
    2009-02-16 21:02 . 2009-02-16 21:02 129,024 --a------ c:\windows\system32\qkikcu.dll
    2009-02-16 19:02 . 2009-02-16 19:02 129,024 --a------ c:\windows\system32\ywtryp.dll
    2009-02-16 18:02 . 2009-02-16 18:02 129,024 --a------ c:\windows\system32\afdexe.dll
    2009-02-16 18:00 . 2009-02-20 15:50 <DIR> d-------- c:\program files\Everest Poker
    2009-02-16 17:01 . 2009-02-16 17:01 129,024 --a------ c:\windows\system32\hkkkpl.dll
    2009-02-16 15:00 . 2009-02-16 15:00 129,024 --a------ c:\windows\system32\ddzmgg.dll
    2009-02-16 14:00 . 2009-02-16 14:00 129,024 --a------ c:\windows\system32\ufiaaj.dll
    2009-02-16 11:58 . 2009-02-16 11:58 129,024 --a------ c:\windows\system32\nqqxzb.dll
    2009-02-16 10:58 . 2009-02-16 10:58 129,024 --a------ c:\windows\system32\bkwuny.dll
    2009-02-16 00:27 . 2009-02-16 00:27 129,024 --a------ c:\windows\system32\twjwqd.dll
    2009-02-15 23:27 . 2009-02-15 23:27 129,024 --a------ c:\windows\system32\xothzo.dll
    2009-02-15 22:27 . 2009-02-15 22:27 129,024 --a------ c:\windows\system32\gpcpmv.dll
    2009-02-15 21:26 . 2009-02-15 21:26 129,024 --a------ c:\windows\system32\axqakq.dll
    2009-02-15 20:26 . 2009-02-15 20:26 129,024 --a------ c:\windows\system32\zgtwwd.dll
    2009-02-15 19:26 . 2009-02-15 19:26 129,024 --a------ c:\windows\system32\rlmfsk.dll
    2009-02-15 18:26 . 2009-02-15 18:26 129,024 --a------ c:\windows\system32\klkivk.dll
    2009-02-15 17:25 . 2009-02-15 17:25 129,024 --a------ c:\windows\system32\umffgc.dll
    2009-02-15 16:25 . 2009-02-15 16:25 129,024 --a------ c:\windows\system32\ezzgwc.dll
    2009-02-15 15:24 . 2009-02-15 15:24 129,024 --a------ c:\windows\system32\rstifc.dll
    2009-02-15 14:24 . 2009-02-15 14:24 129,024 --a------ c:\windows\system32\vcvuwf.dll
    2009-02-15 13:23 . 2009-02-15 13:23 129,024 --a------ c:\windows\system32\xkrnla.dll
    2009-02-14 21:55 . 2009-02-14 21:55 <DIR> d-------- c:\program files\psqlODBC
    2009-02-12 22:58 . 2009-02-12 22:58 46,080 --------- c:\windows\system32\clickfile.exe
    2009-02-12 22:58 . 2009-02-12 22:58 35,328 --a------ c:\windows\system32\awtsPjjG.dll
    2009-02-10 10:02 . 2009-02-10 09:42 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-02-10 09:42 . 2009-02-10 10:03 <DIR> d-------- c:\documents and settings\Nicolas\.housecall6.6
    2009-02-09 09:06 . 2009-02-09 09:06 <DIR> d-------- c:\documents and settings\postgres
    2009-02-09 08:59 . 2009-02-09 08:59 <DIR> d-------- c:\program files\PostgreSQL
    2009-02-09 08:50 . 2009-02-14 22:01 <DIR> d-------- c:\program files\PokerTracker 3
    2009-02-07 19:50 . 2009-02-07 19:50 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-07 19:50 . 2009-02-07 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-07 19:12 . 2009-02-10 14:00 2,816 --a------ c:\windows\wbngbyzv
    2009-02-05 22:44 . 2009-02-05 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
    2009-02-05 22:38 . 2009-02-09 08:19 <DIR> d-------- c:\program files\ATI
    2009-02-05 22:28 . 2009-01-13 21:05 593,920 --a------ c:\windows\system32\ati2sgag.exe
    2009-02-03 18:48 . 2009-02-03 18:48 <DIR> d-------- c:\documents and settings\Nicolas\Application Data\ATI
    2009-02-03 18:29 . 2009-02-03 18:29 <DIR> d-------- c:\program files\My Company Name
    2009-02-03 18:23 . 2009-02-03 18:23 <DIR> d-------- c:\program files\Common Files\ATI Technologies
    2009-02-03 18:22 . 2006-12-27 22:44 84,992 -ra------ c:\windows\system32\drivers\AtiHdAud.sys
    2009-02-03 18:01 . 2009-02-05 22:37 <DIR> d-------- c:\program files\ATI Technologies
    2009-02-01 21:34 . 2009-02-01 21:34 <DIR> d-------- c:\program files\Heroes2
    2009-02-01 21:34 . 1994-09-20 20:00 12,800 --a------ c:\windows\system32\WING32.DLL
    2009-02-01 21:33 . 2009-02-01 21:33 <DIR> d-------- c:\documents and settings\Nicolas\WINDOWS
    2009-02-01 21:33 . 1996-10-15 18:01 298,496 --a------ c:\windows\uninst.exe
    2009-01-24 16:34 . 2009-02-19 20:02 <DIR> d-------- c:\program files\Starcraft
    2009-01-24 16:34 . 2009-01-24 16:35 94,208 --a------ c:\windows\ScUnin.exe
    2009-01-24 16:34 . 2009-01-24 16:35 35,190 --a------ c:\windows\scunin.dat
    2009-01-24 16:34 . 2009-01-24 16:35 967 --a------ c:\windows\ScUnin.pif

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-20 21:47 --------- d-----w c:\program files\Steam
    2009-02-20 21:46 --------- d-----w c:\documents and settings\Nicolas\Application Data\Skype
    2009-02-20 21:45 --------- d-----w c:\documents and settings\Nicolas\Application Data\skypePM
    2009-02-20 21:44 --------- d-----w c:\documents and settings\Nicolas\Application Data\Hamachi
    2009-02-20 21:43 --------- d-----w c:\program files\DNA
    2009-02-20 21:43 --------- d-----w c:\documents and settings\Nicolas\Application Data\DNA
    2009-02-20 02:52 --------- d-----w c:\documents and settings\Nicolas\Application Data\uTorrent
    2009-02-20 02:25 --------- d-----w c:\program files\uTorrent
    2009-02-15 03:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-14 21:20 --------- d-----w c:\program files\PartyGaming
    2009-02-14 08:00 --------- d-----w c:\documents and settings\All Users\Application Data\PPLiveVA
    2009-02-14 06:37 --------- d-----w c:\program files\PokerStars
    2009-02-14 04:06 --------- d-----w c:\program files\Full Tilt Poker
    2009-02-08 01:41 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-08 00:07 --------- d-----w c:\program files\PPLiveVA
    2009-02-03 23:33 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-01 01:16 --------- d-----w c:\program files\TVAnts
    2009-01-31 05:35 --------- d-----w c:\documents and settings\Nicolas\Application Data\mIRC
    2009-01-30 22:32 --------- d-----w c:\program files\mIRC
    2009-01-22 15:35 --------- d-----w c:\documents and settings\Nicolas\Application Data\Apple Computer
    2009-01-18 21:03 --------- d-----w c:\program files\PPLive
    2009-01-18 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\PPLive
    2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
    2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
    2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
    2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
    2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
    2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
    2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
    2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
    2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
    2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
    2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
    2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
    2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
    2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
    2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
    2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
    2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
    2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
    2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
    2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
    2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
    2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
    2009-01-07 21:42 --------- d-----w c:\program files\Skype
    2009-01-07 21:42 --------- d-----w c:\program files\Common Files\Skype
    2009-01-07 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-01-05 18:24 --------- d-----w c:\program files\PowerStrip
    2009-01-05 18:19 --------- d-----w c:\program files\Common Files\Apple
    2009-01-05 17:33 --------- d-----w c:\program files\QuickTime
    2009-01-05 17:33 --------- d-----w c:\program files\Bonjour
    2009-01-05 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-05 17:31 --------- d-----w c:\program files\Apple Software Update
    2009-01-05 08:55 --------- d-----w c:\documents and settings\Nicolas\Application Data\PPLiveVA
    2009-01-05 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Jlcm
    2009-01-05 08:21 --------- d-----w c:\documents and settings\Nicolas\Application Data\PPLive
    2009-01-01 15:25 --------- d-----w c:\program files\DivX
    2008-12-29 21:59 --------- d-----w c:\program files\Delta
    2008-12-29 21:52 --------- d-----w c:\program files\Alcohol Soft
    2008-12-29 21:48 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-10 18:49 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    2009-02-12 22:58 35328 --a------ c:\windows\system32\awtsPjjG.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee2f629b-e3b5-45ff-855c-60b4908470c0}]
    2009-02-20 16:46 129024 --a------ c:\windows\system32\hkpbgq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
    "Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-02-18 1694208]
    "Octoshape Streaming Services"="c:\program files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" [2006-02-13 214648]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-12-29 4608]
    "PPLiveVA"="c:\program files\PPLiveVA\PPLiveVA.exe" [2008-12-17 197968]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-01 342848]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-11 2356088]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingD1441"="del" [X]
    "SpybotDeletingB4498"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingB4900"="command.com" [2001-08-23 c:\windows\system32\command.com]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-05-17 480816]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "iRiver Updater"="\Updater.exe" [2004-07-01 212992]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-11-19 737312]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingC3803"="del" [X]
    "SpybotDeletingC6215"="del" [X]
    "SpybotDeletingC5438"="del" [X]
    "SpybotDeletingC3425"="del" [X]
    "SpybotDeletingC403"="del" [X]
    "SpybotDeletingC15"="del" [X]
    "SpybotDeletingC7330"="del" [X]
    "SpybotDeletingC3270"="del" [X]
    "SpybotDeletingC3266"="del" [X]
    "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
    "SpybotDeletingA1357"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA3710"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA624"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA3425"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA3852"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA990"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA9279"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA4985"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA3753"="command.com" [2001-08-23 c:\windows\system32\command.com]
    "SpybotDeletingA2362"="command.com" [2001-08-23 c:\windows\system32\command.com]

    c:\documents and settings\Nicolas\Start Menu\Programs\Startup\
    hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-10-25 625952]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-01 692224]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-06-21 151552]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\awtsPjjG.dll" [2009-02-12 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
    2007-04-10 14:00 236928 c:\windows\system32\WgaLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPjjG]
    2009-02-12 22:58 35328 c:\windows\system32\awtsPjjG.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    Trusted 1cf5

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\charcute\\counter-strike\\hl.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=
    "c:\\Program Files\\Octoshape Streaming Services\\Nicolas\\OctoshapeClient.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\age2\\empires2.exe"=
    "c:\\age2\\age2_x1.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Sea3D\\Sea3D.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"=
    "c:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"=
    "c:\\PROGRA~1\\DAUM\\POTPLA~1\\PotPlayer.exe"=
    "c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\PROGRA~1\\DAUM\\POTPLA~1\\daumvsvr.exe"=
    "c:\\Program Files\\PPLive\\PPLive.exe"=
    "c:\\Program Files\\PPLiveVA\\PPLiveVA.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:Battlenet
    "6112:UDP"= 6112:UDP:battlenet2

    R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2008-06-21 18110]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 111184]
    R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2008-06-21 619390]
    R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2008-06-21 423454]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-07 20560]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-11-08 3712]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-14 27992]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\setup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-02-20 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2009-02-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{294bd579-b318-4cbb-8bbd-59a022d3d7f7} - (no file)
    HKCU-Run-Utopia Angel - c:\utopia\Angel\Angel.exe
    HKLM-Run-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
    Notify-WgaLogon - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk
    IE: {{8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - c:\program files\Gnuf\Casino\casinogame.exe
    IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\CDPoker\casino.exe
    IE: {{A99C8F70-4D5B-482c-8854-05BC0BB8B182} - c:\program files\Gnuf\Poker\MPPoker.exe
    IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
    DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - hxxp://potplayer.daum.net/PotPlayer/launcher/PotPlayerLauncher.cab
    FF - ProfilePath - c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\161m1jts.default\
    FF - prefs.js: browser.search.selectedEngine - Mozilla Add-ons
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/|http://www.rds.ca/|http://www.teamliquid.net/|http://www.gosugamers.net/starcraft/
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\Nicolas\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Octoshape Streaming Services\Nicolas\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-20 16:44:39
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\hkpbgq.dll 129024 bytes executable
    c:\windows\system32\efcDTJAP.dll 129024 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 2

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-682003330-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:64,fb,5b,4c,4b,ba,df,df,65,45,ed,dd,c9,01,1f,4e,f1,4c,06,68,d0,b7,9d,
    52,26,67,ae,e4,bb,e1,05,17,38,67,e9,95,8f,5a,91,ee,23,3a,24,e7,80,ea,b2,55,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(848)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\awtsPjjG.dll

    - - - - - - - > 'explorer.exe'(3220)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\windows\system32\wscntfy.exe
    C:\Updater.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-20 16:54:50 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-02-20 21:54:44

    Avant-CF: 44,039,032,832 bytes free
    Après-CF: 45,094,453,248 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    592 --- E O F --- 2009-02-05 15:16:56
    20 February 2009 23:15:18

    Let's continue.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will delete the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    20 February 2009 23:29:36

    Malwarebytes' Anti-Malware 1.34
    Database version: 1782
    Windows 5.1.2600 Service Pack 2

    2009-02-20 17:26:02
    mbam-log-2009-02-20 (17-26-02).txt

    Scan type: Quick Scan
    Objects scanned: 71395
    Time elapsed: 5 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 37
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 31

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\awtsPjjG.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\hkpbgq.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtspjjg (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee2f629b-e3b5-45ff-855c-60b4908470c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ee2f629b-e3b5-45ff-855c-60b4908470c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ee2f629b-e3b5-45ff-855c-60b4908470c0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0163a2cd-3cb8-41b7-b4db-75be9d861777} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e97b66da-36ae-4e2f-9935-f332eceb44a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{18045dc4-b4df-48ca-9cc9-f5c3011d2841} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25695882-2264-4262-b4c3-d7e6bf51136e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{488af159-3513-458e-8312-d48a566716f4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ebd08103-b118-434f-b7b2-31c97e2aa08e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{09cefa5d-2b31-4ee4-aafb-4481d712492f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b47b9fc2-cbed-4add-9b69-74daa8354997} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d593daae-22da-4794-9396-338bf68b2a57} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2cb76b88-625c-4785-9b59-6231f272ff83} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3ccf6080-d6d2-40ea-941b-93123c93bfa5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e59b8da7-84b9-4985-b1f4-68d27197d4d0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9948679d-75aa-4aae-9377-0fac7f998028} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{68cda6d7-b872-4fb8-8273-bbcbbb042e68} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{13c30cd6-5612-47a4-8101-626cc1d2907f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{831e525b-9f82-4cd1-96ec-8b4e18d0f852} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a14f0019-bd79-4f16-971d-e2b648f1b141} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1d413f46-4d67-4d20-9cd9-e474969325a3} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ffb98428-67b4-499d-827d-b854a95d8a3c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{39ac5639-5cc1-40e2-8035-c93273e1a1da} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e62613b-d208-4852-af46-ceaa91b3bfae} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{16ccb7fe-9af1-4aaf-b304-695d7471dcff} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df1a0687-7770-4b81-85d4-1b0c47970dae} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c8e483c9-a929-462d-a16c-07673fe17092} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4ecbab2f-3bb7-4fb3-a33f-1d1c5037e38b} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7ba7ebe3-45e3-40f9-8cca-c896632d00f4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bfd2f29c-622f-43a5-bd72-5d6188e92085} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\awtsPjjG.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\hkpbgq.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ezzgwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jryxdk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twjwqd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\axqakq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ggopnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gpcpmv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nqqxzb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qkikcu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pbyjlt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rstifc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xkrnla.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jblujo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\afdexe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clickfile.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bkwuny.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\impsdf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcvuwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ufiaaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\umffgc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hkkkpl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\klkivk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddzmgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xothzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dxmdfk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcDTJAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eheiif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rlmfsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ywtryp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zgtwwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



    It asked me to restart because some files could not be deleted without a restart, so here is what the scan text gave.
    20 February 2009 23:31:45

    OK. I'm going to go to sleep, good night.

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit\ folder.
    20 February 2009 23:46:38

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Nicolas at 2009-02-20 17:43:52
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 43 GB (14%) free of 305 GB
    Total RAM: 2047 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:43:57, on 2009-02-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Updater.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PPLiveVA\PPLiveVA.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
    C:\Program Files\trend micro\Nicolas.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {294bd579-b318-4cbb-8bbd-59a022d3d7f7} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: (no name) - {ee2f629b-e3b5-45ff-855c-60b4908470c0} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3803] cmd.exe /c del "C:\Program Files\Everest Poker\gvcrt.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1357] command.com /c del "C:\Program Files\Everest Poker\gvmain.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6215] cmd.exe /c del "C:\Program Files\Everest Poker\gvmain.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3710] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5438] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA624] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3425] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3425] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3852] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC403] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA990] command.com /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
    O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Program Files\Gnuf\Casino\casinogame.exe
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Program Files\Gnuf\Poker\MPPoker.exe
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlayer/launcher/PotPlayerL...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
    O20 - Winlogon Notify: awtsPjjG - C:\WINDOWS\
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 15021 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{294bd579-b318-4cbb-8bbd-59a022d3d7f7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
    Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee2f629b-e3b5-45ff-855c-60b4908470c0}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
    "nwiz"=nwiz.exe /install []
    "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
    "LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "iRiver Updater"=\Updater.exe [2004-07-01 212992]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
    "PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingC3803"=cmd.exe /c del C:\Program Files\Everest Poker\gvcrt.dll []
    "SpybotDeletingA1357"=command.com /c del C:\Program Files\Everest Poker\gvmain.exe []
    "SpybotDeletingC6215"=cmd.exe /c del C:\Program Files\Everest Poker\gvmain.exe []
    "SpybotDeletingA3710"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt []
    "SpybotDeletingC5438"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt []
    "SpybotDeletingA624"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art []
    "SpybotDeletingC3425"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art []
    "SpybotDeletingA3425"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingA3852"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingC403"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingA990"=command.com /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
    "SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
    "SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
    "SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
    "SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
    "SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
    "SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []
    "SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
    "Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
    "Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
    "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
    "PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
    "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-11 2356088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

    C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsPjjG]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
    "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
    "C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
    "C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
    "C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabled:Daum ?????"
    "C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:Daum ?????"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
    "C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
    "C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\setup.exe


    ======List of files/folders created in the last 3 months======

    2009-02-20 16:54:53 ----A---- C:\ComboFix.txt
    2009-02-20 15:52:51 ----A---- C:\Boot.bak
    2009-02-20 15:52:36 ----RASHD---- C:\cmdcons
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\zip.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\VFIND.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\SWSC.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\SWREG.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\sed.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\grep.exe
    2009-02-20 15:50:51 ----A---- C:\WINDOWS\fdsv.exe
    2009-02-20 15:50:33 ----D---- C:\WINDOWS\ERDNT
    2009-02-20 15:50:33 ----D---- C:\Qoobox
    2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
    2009-02-20 14:49:38 ----D---- C:\rsit
    2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
    2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
    2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
    2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
    2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
    2009-02-16 18:00:36 ----D---- C:\Program Files\Everest Poker
    2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
    2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
    2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
    2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-02-07 19:27:34 ----A---- C:\rapport.txt
    2009-02-07 19:13:47 ----A---- C:\WINDOWS\system32\9bcf1a77-.txt
    2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
    2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
    2009-02-05 22:28:28 ----A---- C:\WINDOWS\system32\ati2sgag.exe
    2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
    2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
    2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
    2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
    2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
    2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
    2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
    2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
    2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
    2009-01-18 18:23:49 ----D---- C:\Poker
    2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-14 15:43:59 ----D---- C:\PPVADownloads
    2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
    2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
    2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
    2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
    2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
    2009-01-10 20:11:26 ----A---- C:\log_lobby_dumper.txt
    2009-01-10 20:11:26 ----A---- C:\log_lobby.txt
    2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
    2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
    2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
    2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
    2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
    2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
    2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
    2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
    2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
    2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
    2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
    2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
    2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
    2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
    2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
    2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
    2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
    2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
    2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
    2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
    2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
    2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
    2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
    2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
    2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
    2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
    2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info
    2008-11-21 16:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
    2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
    2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
    2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
    2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
    2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
    2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
    2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
    2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
    2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-11-21 16:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-11-21 16:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-11-21 16:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

    ======List of files/folders modified in the last 3 months======

    2009-02-20 17:43:40 ----D---- C:\WINDOWS\Temp
    2009-02-20 17:39:43 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-20 17:38:18 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
    2009-02-20 17:37:59 ----D---- C:\Program Files\Steam
    2009-02-20 17:37:13 ----D---- C:\Program Files\DNA
    2009-02-20 17:37:13 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
    2009-02-20 17:35:54 ----SD---- C:\WINDOWS\Tasks
    2009-02-20 17:32:19 ----D---- C:\WINDOWS\system32\drivers
    2009-02-20 17:32:19 ----D---- C:\WINDOWS\system32
    2009-02-20 17:31:29 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-20 17:31:27 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-20 17:25:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-20 16:54:57 ----D---- C:\WINDOWS
    2009-02-20 16:46:05 ----A---- C:\WINDOWS\system.ini
    2009-02-20 16:33:54 ----D---- C:\WINDOWS\system32\config
    2009-02-20 16:22:44 ----D---- C:\WINDOWS\AppPatch
    2009-02-20 16:21:50 ----D---- C:\Program Files\Common Files
    2009-02-20 15:52:51 ----RASH---- C:\boot.ini
    2009-02-20 15:50:29 ----D---- C:\WINDOWS\Prefetch
    2009-02-20 14:49:39 ----RD---- C:\Program Files
    2009-02-20 14:30:38 ----A---- C:\log.txt
    2009-02-19 23:27:38 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-02-19 21:52:20 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
    2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
    2009-02-19 21:24:32 ----D---- C:\Documents and Settings
    2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
    2009-02-17 11:49:13 ----D---- C:\Downloads
    2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
    2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-14 21:55:31 ----SHD---- C:\WINDOWS\Installer
    2009-02-14 16:20:00 ----D---- C:\Program Files\PartyGaming
    2009-02-13 23:06:25 ----D---- C:\Program Files\Full Tilt Poker
    2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
    2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
    2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-02-03 18:33:57 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
    2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
    2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
    2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
    2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
    2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2009-01-13 22:45:52 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2009-01-13 22:44:05 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2009-01-13 22:37:45 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2009-01-13 22:37:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-01-05 13:18:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-01-05 02:13:24 ----A---- C:\WINDOWS\BnetLog.txt
    2009-01-01 10:25:47 ----D---- C:\Program Files\DivX
    2008-12-30 17:09:53 ----D---- C:\WINDOWS\Minidump
    2008-12-19 03:00:43 ----D---- C:\WINDOWS\ie7updates
    2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 03:02:53 ----D---- C:\Program Files\Internet Explorer
    2008-12-03 10:28:07 ----D---- C:\Program Files\UltimateBet
    2008-11-29 14:52:21 ----D---- C:\Program Files\MSN Games
    2008-11-29 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
    R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
    R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-14 27992]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-25 25280]
    R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-27 84992]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-19 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 59264]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-02-18 17152]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 a9c27zlb;a9c27zlb; C:\WINDOWS\system32\drivers\a9c27zlb.sys []
    S3 alonzc7m;alonzc7m; C:\WINDOWS\system32\drivers\alonzc7m.sys []
    S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-04-11 20496]
    S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.05 2009-02-20 14:49:53

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    20 February 2009 23:47:04

    info.txt logfile of random's system information tool 1.05 2009-02-20 14:49:53

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNNMP.exe /UNINSTALL
    -->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
    -->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    500 From Special K Software-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\500 From Special K\ST6UNST.LOG"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Premiere Pro Tryout-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x40c
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    CDPoker-->"C:\Poker\CDPoker\_SetupPoker.exe" /uninstall
    Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Condition Zero Deleted Scenes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/100
    Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
    ConvertXtoDVD 3.0.0.1-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
    Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
    Daum 팟플레이어-->"C:\Program Files\DAUM\PotPlayer\uninstall.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dual-Core Optimizer-->MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
    Empire Earth III-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
    Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0xc0c -removeonly
    First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12872B4E-90F7-44E5-B1AA-D13AFEC8618B}\setup.exe" -l0x40c UNINSTALL
    ForceBindIP-->C:\WINDOWS\system32\ForceBindIP-Uninstaller.exe
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Gnuf.com Casino-->C:\Program Files\Gnuf\Casino\uninst.exe
    Gnuf.com Poker-->C:\Program Files\Gnuf\Poker\uninst.exe
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu"
    Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x40c
    Heroes of Might and Magic® IV: Winds of War-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hollywood Poker Tournament Director's Poker Clock-->C:\Program Files\Hollywood Poker Tournament Director's Poker Clock\Hollywood Poker Tournament Director's Poker Clock.exe /UNINSTALL "C:\WINDOWS\system32\Hollywood Poker Tournament Director's Poker Clock.log"
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    ICCup Launcher-->"C:\Documents and Settings\All Users\Desktop\Launcher\unins000.exe"
    ImageMixer EasyStepDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C32B46-41C3-438F-94F6-55FE150D50D8}\setup.exe" -l0x40c UNINSTALL
    iriver Music Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
    iRiver Updater-->\uninst.exe
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
    Logitech Communications Manager-->MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x040c -removeonly
    Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
    Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
    Oblivion mod manager 1.1.5-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
    Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
    Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
    PicturePackages-->MsiExec.exe /X{E0A76F67-9136-4370-9413-891DBCF199CB}
    Playchess-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}\setup.exe" -l0xc0c -removeonly
    Poker 770-->"C:\Poker\Poker 770\_SetupCasino.exe" /uninstall
    PokerRoomSchool-->"C:\Poker\PokerRoomSchool\_SetupPoker[1].exe" /uninstall
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    PokerStove version 1.21-->"C:\Program Files\PokerStove\unins000.exe"
    PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
    PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
    PowerStrip 3 (remove only)-->C:\Program Files\PowerStrip\uninstal.exe
    PPLive 1.9-->C:\Program Files\PPLive\uninst.exe
    psqlODBC-->MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x9 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
    Sea3D-->"C:\Program Files\Sea3D\uninstall.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x040c -removeonly
    Sid Meier's Civilization 4 - Warlords-->C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x040c -removeonly
    Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
    Silkroad-->C:\Program Files\Silkroad\Remove.Exe
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony DVD Handycam USB Driver 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A360821C-6B51-4EE4-A7E5-5E14B15004CD}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe"
    Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
    The Tournament Director 2-->C:\Program Files\The Tournament Director 2\Uninstall.exe
    Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
    TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    UltimateBet-->C:\Program Files\_uninstallation_info\UltimateBet\CasinoUninstall.exe
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    USB Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB322BA7-761F-476F-ABA1-227331CDEF29}\setup.exe" -l0x9 -removeonly
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Victor Chandler-->"C:\Poker\Victor Chandler\_SetupCasino.exe" /uninstall
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WinAVI Video Capture 2.0-->"C:\Program Files\WinAVI Video Capture\unins000.exe"
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Hosts File======

    65.98.84.21 tv.gomtv.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090219-0]

    System event log

    Computer Name: COMPANY-253E74B
    Event Code: 7035
    Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Record Number: 19132
    Source Name: Service Control Manager
    Time Written: 20090129080119.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: COMPANY-253E74B
    Event Code: 7035
    Message: The Remote Access Connection Manager service was successfully sent a start control.

    Record Number: 19131
    Source Name: Service Control Manager
    Time Written: 20090129080119.000000-300
    Event Type: information
    User: COMPANY-253E74B\Nicolas

    Computer Name: COMPANY-253E74B
    Event Code: 7036
    Message: The Telephony service entered the running state.

    Record Number: 19130
    Source Name: Service Control Manager
    Time Written: 20090129080119.000000-300
    Event Type: information
    User:

    Computer Name: COMPANY-253E74B
    Event Code: 7036
    Message: The SSDP Discovery Service service entered the running state.

    Record Number: 19129
    Source Name: Service Control Manager
    Time Written: 20090129080119.000000-300
    Event Type: information
    User:

    Computer Name: COMPANY-253E74B
    Event Code: 7035
    Message: The SSDP Discovery Service service was successfully sent a start control.

    Record Number: 19128
    Source Name: Service Control Manager
    Time Written: 20090129080119.000000-300
    Event Type: information
    User: COMPANY-253E74B\Nicolas

    Application event log

    Computer Name: COMPANY-253E74B
    Event Code: 12001
    Message: The Messenger Sharing USN Journal Reader service started successfully.

    Record Number: 7581
    Source Name: usnjsvc
    Time Written: 20090110130026.000000-300
    Event Type:
    User:

    Computer Name: COMPANY-253E74B
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 7580
    Source Name: SecurityCenter
    Time Written: 20090110115416.000000-300
    Event Type: information
    User:

    Computer Name: COMPANY-253E74B
    Event Code: 1
    Message:
    Record Number: 7579
    Source Name: Bonjour Service
    Time Written: 20090110115358.000000-300
    Event Type: information
    User:

    Computer Name: COMPANY-253E74B
    Event Code: 1517
    Message: Windows saved user COMPANY-253E74B\Nicolas registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 7578
    Source Name: Userenv
    Time Written: 20090110001713.000000-300
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: COMPANY-253E74B
    Event Code: 1524
    Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    Record Number: 7577
    Source Name: Userenv
    Time Written: 20090110001616.000000-300
    Event Type: warning
    User: COMPANY-253E74B\Nicolas

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=6b01
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
    21 February 2009 04:51:43

    1/

  • Uninstall Everest Poker.
  • Look for this file: C:\Program Files\trend micro\Nicolas.exe
  • Double-click this file.
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    O2 - BHO: (no name) - {294bd579-b318-4cbb-8bbd-59a022d3d7f7} - (no file)

    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)

    O2 - BHO: (no name) - {ee2f629b-e3b5-45ff-855c-60b4908470c0} - (no file)

    O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)

    O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)

    O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlaye [...] uncher.cab

    O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

    O20 - Winlogon Notify: awtsPjjG - C:\WINDOWS\

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Close HijackThis.


    2/

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\log.txt
    C:\WINDOWS\system32\9bcf1a77-.txt
    C:\Program Files\Everest Poker

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
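
The fix list in step 1/ selects HijackThis entries whose target is "(no file)", "(file missing)" or a bare directory. As an added example (not part of the original post and not HijackThis code), the Python below parses such log lines and flags those three conditions; the first three sample lines are copied from the post, the fourth is constructed, and all function names are this example's own.

```python
import re
from typing import NamedTuple, Optional

# "O2 - BHO: (no name) - {CLSID} - (no file)"  ->  section, kind, remainder
LINE_RE = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. "O2"
    kind: str               # label after the code, e.g. "BHO"
    name: str               # display name of the entry
    clsid: Optional[str]    # CLSID if the line carries one
    target: str             # file, link or path the entry points to
    reason: Optional[str] = None


def parse_line(line):
    """Split one HijackThis 'O' line into its fields, or return None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, kind, rest = m.groups()
    guid = CLSID_RE.search(rest)
    if guid:
        # Anchor on the CLSID so that " - " inside a path is not
        # mistaken for a field separator.
        name = rest[:guid.start()].rstrip(" -")
        target = rest[guid.end():].lstrip(" -")
        return Entry(section, kind.strip(), name, guid.group(0), target)
    name, _, target = rest.partition(" - ")
    return Entry(section, kind.strip(), name.strip(), None, target.strip())


def classify(entry):
    """Return why an entry looks orphaned, or None if nothing stands out."""
    if entry.target == "(no file)":
        return "registry entry points to no file"
    if entry.target.endswith("(file missing)"):
        return "referenced file is missing on disk"
    if entry.section == "O20" and entry.target.endswith("\\"):
        return "logged path is a directory, no DLL name"
    return None


def triage(lines):
    """Return the entries that match one of the orphan conditions."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            flagged.append(entry._replace(reason=reason))
    return flagged


# Lines 1-3 are copied from the post above; line 4 is constructed
# (hypothetical name, CLSID and path) to show an entry that is not flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {294bd579-b318-4cbb-8bbd-59a022d3d7f7} - (no file)
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nicolas\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O20 - Winlogon Notify: awtsPjjG - C:\WINDOWS\
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example - Tools\helper.dll
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.section:<4}{e.kind:<18}{e.name or e.clsid:<14}{e.reason}")
```

A flagged line only means the entry no longer resolves to a file; whether to fix it remains the helper's judgement.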
    21 February 2009 06:52:37

    I'm off to sleep in my turn (Quebec). Will I be able to reinstall Everest Poker, or are there problems tied to this program? The thing is, there is a tournament system I'm registered in that includes all the universities of Quebec. If that's the case, I think I'll have to wait until the end of this tournament, that is, 2 weeks.
    21 February 2009 08:18:18

    Spybot was trying to remove Everest Poker for you, which means there is a problem with this program.
    21 February 2009 23:10:01

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\log.txt moved successfully.
    C:\WINDOWS\system32\9bcf1a77-.txt moved successfully.
    C:\Program Files\Everest Poker moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\Perflib_Perfdata_a0c.dat scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02212009_165758

    Files moved on Reboot...
    File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\Perflib_Perfdata_a0c.dat not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.


    I did what had to be done
    21 February 2009 23:22:33

  • Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click the installer and install it in its default location (C:\Program files).
  • Double-click the AD-Remover icon on your Desktop.
  • In the main menu, choose option A.
  • Post the report that appears at the end.

    (The report is also saved as C:\Ad-report(date).log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note:

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus but a utility meant to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    21 February 2009 23:30:31


    ------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

    Updated by C_XX on 15/02/2009 at 10:20

    Start at: 17:27:33 | Sat 2009-02-21 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (Version 5.1.2600)
    Computer Name: COMPANY-253E74B
    Current User: Nicolas - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: CDFS)
    - F:\ (File System: CDFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 52

    +-----------------| Boonty/Boonty Games Elements Found:

    .
    .

    +-----------------| Eorezo Elements Found:

    .

    +-----------------| Infected Poker Softwares Elements Found:

    HKCU\Software\Grand Virtual
    HKCU\Software\PartyGaming
    HKCU\Software\Poker 770
    HKCU\Software\Titan Poker
    HKLM\Software\Poker 770
    HKLM\Software\Titan Poker
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
    HKU\S-1-5-21-682003330-1580818891-839522115-1003\Software\Titan Poker
    .
    C:\log_lobby_dumper.txt
    C:\log_lobby.txt
    C:\Poker\Poker 770
    C:\Poker\Poker 770\data
    C:\Poker\Poker 770\History
    C:\Poker\Poker 770\data\blackjack
    C:\Poker\Poker 770\data\casinowar
    C:\Poker\Poker 770\data\craps
    C:\Poker\Poker 770\data\keno
    C:\Poker\Poker 770\data\lobby
    C:\Poker\Poker 770\data\poker_caribbean
    C:\Poker\Poker 770\data\poker_holdem
    C:\Poker\Poker 770\data\roulette
    C:\Poker\Poker 770\data\shared
    C:\Poker\Poker 770\data\slots_bonusbears25line
    C:\Poker\Poker 770\data\slots_cinerama5reel
    C:\Poker\Poker 770\data\slots_desert20line
    C:\Poker\Poker 770\data\slots_forestofwonders25line
    C:\Poker\Poker 770\data\slots_gold8line
    C:\Poker\Poker 770\data\slots_lotto20line
    C:\Poker\Poker 770\data\slots_lovemore20line
    C:\Poker\Poker 770\data\slots_silentsamurai9line
    C:\Poker\Poker 770\data\slots_wildspirit20line
    C:\Poker\Poker 770\data\table
    C:\Poker\Poker 770\data\videopoker_4aces
    C:\Poker\Poker 770\data\videopoker_4jacks
    C:\Poker\Poker 770\data\videopoker_jacks
    C:\Poker\Poker 770\data\videopoker_joker
    C:\Poker\Poker 770\data\craps\3d
    C:\Poker\Poker 770\data\keno\3d
    C:\Poker\Poker 770\data\keno\buttons
    C:\Poker\Poker 770\data\keno\sounds
    C:\Poker\Poker 770\data\lobby\buttons
    C:\Poker\Poker 770\data\lobby\dialogs
    C:\Poker\Poker 770\data\lobby\login
    C:\Poker\Poker 770\data\lobby\sidegames
    C:\Poker\Poker 770\data\lobby\tables
    C:\Poker\Poker 770\data\lobby\waitinglist
    C:\Poker\Poker 770\data\roulette\3d
    C:\Poker\Poker 770\data\roulette\buttons
    C:\Poker\Poker 770\data\roulette\sounds
    C:\Poker\Poker 770\data\roulette\zoom
    C:\Poker\Poker 770\data\shared\3d
    C:\Poker\Poker 770\data\shared\9line
    C:\Poker\Poker 770\data\shared\blackjack
    C:\Poker\Poker 770\data\shared\buttons
    C:\Poker\Poker 770\data\shared\cards
    C:\Poker\Poker 770\data\shared\coins
    C:\Poker\Poker 770\data\shared\dollarball
    C:\Poker\Poker 770\data\shared\doublescreen
    C:\Poker\Poker 770\data\shared\fonts
    C:\Poker\Poker 770\data\shared\history
    C:\Poker\Poker 770\data\shared\html
    C:\Poker\Poker 770\data\shared\interface
    C:\Poker\Poker 770\data\shared\options
    C:\Poker\Poker 770\data\shared\slots
    C:\Poker\Poker 770\data\shared\sounds
    C:\Poker\Poker 770\data\shared\tablegames
    C:\Poker\Poker 770\data\shared\tablesigns
    C:\Poker\Poker 770\data\shared\ui
    C:\Poker\Poker 770\data\shared\videopoker_4line
    C:\Poker\Poker 770\data\shared\videopoker_jacks
    C:\Poker\Poker 770\data\shared\cards\poker
    C:\Poker\Poker 770\data\shared\cards\textures
    C:\Poker\Poker 770\data\shared\coins\tablecoins
    C:\Poker\Poker 770\data\shared\dollarball\sounds
    C:\Poker\Poker 770\data\shared\history\cards
    C:\Poker\Poker 770\data\shared\html\chat
    C:\Poker\Poker 770\data\shared\html\chat\emoticons
    C:\Poker\Poker 770\data\shared\interface\chat
    C:\Poker\Poker 770\data\shared\slots\lines
    C:\Poker\Poker 770\data\shared\sounds\dealervoices
    C:\Poker\Poker 770\data\shared\sounds\playersounds
    C:\Poker\Poker 770\data\shared\sounds\dealervoices\numbers
    C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer
    C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude
    C:\Poker\Poker 770\data\shared\sounds\playersounds\bond
    C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy
    C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchgirl
    C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchman
    C:\Poker\Poker 770\data\shared\sounds\playersounds\mafiaguy
    C:\Poker\Poker 770\data\shared\sounds\playersounds\olderbusinesswoman
    C:\Poker\Poker 770\data\shared\sounds\playersounds\oldtourist
    C:\Poker\Poker 770\data\shared\sounds\playersounds\valleygirl
    C:\Poker\Poker 770\data\shared\tablegames\gold_dark
    C:\Poker\Poker 770\data\shared\videopoker_4line\buttons
    C:\Poker\Poker 770\data\slots_bonusbears25line\sounds
    C:\Poker\Poker 770\data\slots_cinerama5reel\bonus
    C:\Poker\Poker 770\data\slots_cinerama5reel\bonus2
    C:\Poker\Poker 770\data\slots_cinerama5reel\sounds
    C:\Poker\Poker 770\data\slots_cinerama5reel\wintable
    C:\Poker\Poker 770\data\slots_cinerama5reel\bonus\select
    C:\Poker\Poker 770\data\slots_cinerama5reel\bonus2\select
    C:\Poker\Poker 770\data\slots_desert20line\bonusgame
    C:\Poker\Poker 770\data\slots_desert20line\sounds
    C:\Poker\Poker 770\data\slots_desert20line\wintable
    C:\Poker\Poker 770\data\slots_forestofwonders25line\bonus
    C:\Poker\Poker 770\data\slots_forestofwonders25line\sounds
    C:\Poker\Poker 770\data\slots_forestofwonders25line\wintable
    C:\Poker\Poker 770\data\slots_gold8line\bonus
    C:\Poker\Poker 770\data\slots_gold8line\fonts
    C:\Poker\Poker 770\data\slots_gold8line\sounds
    C:\Poker\Poker 770\data\slots_gold8line\wintable
    C:\Poker\Poker 770\data\slots_gold8line\bonus\screen
    C:\Poker\Poker 770\data\slots_lotto20line\animation
    C:\Poker\Poker 770\data\slots_lotto20line\bonusgame
    C:\Poker\Poker 770\data\slots_lotto20line\fonts
    C:\Poker\Poker 770\data\slots_lotto20line\sounds
    C:\Poker\Poker 770\data\slots_lotto20line\wintable
    C:\Poker\Poker 770\data\slots_lovemore20line\dollarball
    C:\Poker\Poker 770\data\slots_lovemore20line\sounds
    C:\Poker\Poker 770\data\slots_lovemore20line\wintable
    C:\Poker\Poker 770\data\slots_silentsamurai9line\bonus
    C:\Poker\Poker 770\data\slots_silentsamurai9line\buttons
    C:\Poker\Poker 770\data\slots_silentsamurai9line\doubleup
    C:\Poker\Poker 770\data\slots_silentsamurai9line\info
    C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds
    C:\Poker\Poker 770\data\slots_silentsamurai9line\bonus\intro_txt
    C:\Poker\Poker 770\data\slots_silentsamurai9line\bonus\ninjas
    C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\bonus
    C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\doubleup
    C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\reelspins
    C:\Poker\Poker 770\data\slots_silentsamurai9line\sounds\symbols
    C:\Poker\Poker 770\data\slots_wildspirit20line\bonus
    C:\Poker\Poker 770\data\slots_wildspirit20line\buttons
    C:\Poker\Poker 770\data\slots_wildspirit20line\doubleup
    C:\Poker\Poker 770\data\slots_wildspirit20line\info
    C:\Poker\Poker 770\data\slots_wildspirit20line\sounds
    C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\bonus
    C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\doubleup
    C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\reelspins
    C:\Poker\Poker 770\data\slots_wildspirit20line\sounds\symbols
    C:\Poker\Poker 770\data\table\3d
    C:\Poker\Poker 770\data\table\anim
    C:\Poker\Poker 770\data\table\chat
    C:\Poker\Poker 770\data\table\smallview
    C:\Poker\Poker 770\data\table\topview
    C:\Poker\Poker 770\data\table\chat\cards
    C:\Poker\Poker 770\data\table\smallview\anim
    C:\Poker\Poker 770\data\table\smallview\buttons
    C:\Poker\Poker 770\data\table\smallview\chat
    C:\Poker\Poker 770\data\table\smallview\coins
    C:\Poker\Poker 770\data\table\smallview\chat\chat_bottom
    C:\Poker\Poker 770\data\table\topview\anim
    C:\Poker\Poker 770\data\table\topview\avatars
    C:\Poker\Poker 770\data\table\topview\buttons
    C:\Poker\Poker 770\data\table\topview\cards
    C:\Poker\Poker 770\data\table\topview\chat
    C:\Poker\Poker 770\data\table\topview\coins
    C:\Poker\Poker 770\data\table\topview\dialogs
    C:\Poker\Poker 770\data\table\topview\history
    C:\Poker\Poker 770\data\table\topview\chat\chat_bottom
    C:\Poker\Poker 770\data\table\topview\chat\chat_side
    C:\Poker\Poker 770\data\videopoker_joker\animation
    C:\Poker\Poker 770\History\PSR56758632
    C:\Poker\Poker 770\History\PSR56758632\Table
    C:\Poker\Poker 770\History\PSR56758632\Tournament
    C:\Program Files\PartyGaming
    C:\Program Files\PartyGaming\images
    C:\Program Files\PartyGaming\Language
    C:\Program Files\PartyGaming\PartyCasino
    C:\Program Files\PartyGaming\PartyPoker
    C:\Program Files\PartyGaming\tmpUpgrade
    C:\Program Files\PartyGaming\Language\en_US
    C:\Program Files\PartyGaming\Language\en_US\temp
    C:\Program Files\PartyGaming\PartyCasino\language
    C:\Program Files\PartyGaming\PartyCasino\Temp
    C:\Program Files\PartyGaming\PartyCasino\language\en_US
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\articles
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\roulette
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\blackjack
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\multiplayerbj
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\blackjack\blackjack
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\multiplayerbj\multiplayerblackjack
    C:\Program Files\PartyGaming\PartyCasino\language\en_US\images\games\roulette\europeanroulette
    C:\Program Files\PartyGaming\PartyPoker\HandHistory
    C:\Program Files\PartyGaming\PartyPoker\Images
    C:\Program Files\PartyGaming\PartyPoker\Language
    C:\Program Files\PartyGaming\PartyPoker\NewSounds
    C:\Program Files\PartyGaming\PartyPoker\tmpUpgrade
    C:\Program Files\PartyGaming\PartyPoker\HandHistory\Slowsh
    C:\Program Files\PartyGaming\PartyPoker\Images\NewGameTable
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\temp
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images\NewGameTable
    C:\Documents and Settings\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
    C:\Documents and Settings\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
    C:\WINDOWS\Prefetch\CASINO.EXE-241C1ABE.pf
    C:\WINDOWS\Prefetch\CSTART.EXE-1EDA82DF.pf
    C:\WINDOWS\Prefetch\EVEREST POKER.EXE-33F19199.pf
    C:\WINDOWS\Prefetch\POKERTRACKER.EXE-018BB990.pf

    +-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

    .
    .

    +-----------------| It's TV Elements Found:

    .

    +-----------------| Sweetim Elements Found:

    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKLM\Software\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKLM\Software\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    .

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.6 ----

    ProfilePath: 161m1jts.default
    .
    Prefs.js: Browser.Search.SelectedEngine: "Mozilla Add-ons"
    Prefs.js: Browser.Startup.HomePage: "hxxp://www.google.ca/|http://www.rds.ca/|http://www.teamliquid.net/|http://www.gosugamers.net/starcraft/"
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.5730.13 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_USERS\S-1-5-21-682003330-1580818891-839522115-1003\..\Internet Explorer\Main]

    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    [~13280 Bytes] - "C:\Ad-Report-Scan-20.9-.2-21.log"
    -

    End at: 17:29:25 | 2009-02-21
    .
    +-----------------| E.O.F - 269 Lines
    .
    21 February 2009 23:43:28

    Your poker games are detected as adware.
    21 February 2009 23:44:29

    So if I understand correctly, I uninstall everything?
    21 February 2009 23:52:42

    If they are detected, there is a reason for it in my opinion; after that, it's your choice.
    21 February 2009 23:58:06

    Well, it's done! I'll only reinstall the ones I play on, when I go to play! Thanks for everything, Destrio5. I no longer get pop-ups all the time and my computer seems faster. Thank you very, very much.
    22 February 2009 00:03:07

    /!\ Disconnect and close all running applications /!\

  • Double-click AD-Remover to launch it: in the main menu, choose option B.

  • Tick A on the selection screen:



  • Then choose S; the program will get to work.

  • Post the report that appears at the end.

    (The report is also saved as C:\Ad-report.log)

    /!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\
    22 February 2009 00:17:10


    ------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

    Updated by C_XX on 15/02/2009 at 10:20

    *** LIMITED TO ***

    Boonty/BoontyGames
    Eorezo
    Infected Poker Softwares
    FunWebProduct/MyWay/MyWebSearch
    It's TV
    Sweetim

    ******************

    Start at: 18:08:38 | Sat 2009-02-21 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (Version 5.1.2600)
    Computer Name: COMPANY-253E74B
    Current User: Nicolas - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: CDFS)
    - F:\ (File System: CDFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 53

    (!) ---- IE start pages/Tabs reset

    +--------------------| Boonty/Boonty Games Elements Deleted :

    .
    .

    +-----------------| Eorezo Elements Deleted :

    .

    +-----------------| Infected Poker Softwares Elements Deleted :

    HKCU\Software\Grand Virtual
    HKCU\Software\PartyGaming
    HKCU\Software\Poker 770
    HKCU\Software\Titan Poker
    HKLM\Software\Poker 770
    HKLM\Software\Titan Poker
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    .
    C:\log_lobby_dumper.txt
    C:\log_lobby.txt
    C:\Program Files\PartyGaming
    C:\Documents and Settings\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
    C:\WINDOWS\Prefetch\CASINO.EXE-241C1ABE.pf
    C:\WINDOWS\Prefetch\CSTART.EXE-1EDA82DF.pf
    C:\WINDOWS\Prefetch\EVEREST POKER.EXE-33F19199.pf
    C:\WINDOWS\Prefetch\POKERTRACKER.EXE-018BB990.pf

    +-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    .

    +-----------------| It's TV Elements Deleted :

    .

    +-----------------| Sweetim Elements Deleted :

    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.


    +-----------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.6 ----

    ProfilePath: 161m1jts.default
    .
    Prefs.js: Browser.Search.SelectedEngine: "Mozilla Add-ons"
    Prefs.js: Browser.Startup.HomePage: "hxxp://www.google.ca/|http://www.rds.ca/|http://www.teamliquid.net/|http://www.gosugamers.net/starcraft/"
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.5730.13 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_USERS\S-1-5-21-682003330-1580818891-839522115-1003\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://fr.msn.com/

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    [~3952 Bytes] - "C:\Ad-Report-Clean-20.9-.2-21.log"
    [~13414 Bytes] - "C:\Ad-Report-Scan-20.9-.2-21.log"
    -
    C:\Program Files\Ad-remover\TOOLS\BACKUP\20.9-.2-21 - Prefs.js

    End at: 18:15:58 | 2009-02-21
    .
    +-----------------| E.O.F - 91 Lines
    .
    22 February 2009 00:29:39

  • Uninstall AD-Remover, Java 6 Update 3 and Java 6 Update 5.

  • Update Java.

  • Update Adobe Reader.

  • Start menu > Run > type combofix /u and confirm.

  • Uninstall Avast.

  • Install Antivir and update it.
  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Tools, then Configuration.
  • Tick Expert mode and, on the right under Other settings, tick the option to search for rootkits at the start of the scan.
  • Run a full scan and post the report.
    22 February 2009 03:36:06



    Avira AntiVir Personal
    Report file date: Saturday, February 21, 2009 19:09

    Scanning for 1258799 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: COMPANY-253E74B

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 14:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 17:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 22:16:05
    ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2009-02-20 22:16:06
    ANTIVIR3.VDF : 7.1.2.59 9728 Bytes 2009-02-21 22:16:06
    Engineversion : 8.2.0.87
    AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-02-21 22:16:18
    AESCRIPT.DLL : 8.1.1.47 348539 Bytes 2009-02-21 22:16:17
    AESCN.DLL : 8.1.1.7 127347 Bytes 2009-02-21 22:16:16
    AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 19:58:38
    AEPACK.DLL : 8.1.3.8 397684 Bytes 2009-02-21 22:16:15
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2009-02-21 22:16:13
    AEHEUR.DLL : 8.1.0.97 1610103 Bytes 2009-02-21 22:16:12
    AEHELP.DLL : 8.1.2.0 119159 Bytes 2009-02-21 22:16:10
    AEGEN.DLL : 8.1.1.20 336245 Bytes 2009-02-21 22:16:09
    AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 16:05:56
    AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-21 22:16:07
    AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 16:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 18:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Saturday, February 21, 2009 19:09

    Starting search for hidden objects.
    '63403' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'msiexec.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'NkMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'btdna.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'PStrip.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Updater.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
    Scan process 'pg_ctl.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    52 processes with 52 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '72' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD1 [NTSC-US] [SLUS-01251].rar
    [WARNING] An exception has been identified!
    [WARNING] In the module 'aecore.dll' an exception occured.
    Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD1 [NTSC-US] [SLUS-01251].rar
    Error description:ACCESS_VIOLATION
    EAX = 07580568 EBX = 023BCA90
    ECX = 075804B4 EDX = 000001D2
    ESI = 0613E6DF EDI = 023bca8c
    EIP = 01361523 EBP = 06960030
    ESP = 018EEF34 Flg = 00010287
    CS = 00000023 SS = 0000001B
    C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD2 [NTSC-US] [SLUS-01295].rar
    [WARNING] An exception has been identified!
    [WARNING] In the module 'aecore.dll' an exception occured.
    Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD2 [NTSC-US] [SLUS-01295].rar
    Error description:ACCESS_VIOLATION
    EAX = 09AF0568 EBX = 024E7AA8
    ECX = 09AF04B4 EDX = 000001D2
    ESI = 086AE6DF EDI = 024e7aa4
    EIP = 01361523 EBP = 08ED0030
    ESP = 018EEF34 Flg = 00010287
    CS = 00000023 SS = 0000001B
    C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD3 [NTSC-US] [SLUS-01296].rar
    [WARNING] An exception has been identified!
    [WARNING] In the module 'aecore.dll' an exception occured.
    Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD3 [NTSC-US] [SLUS-01296].rar
    Error description:ACCESS_VIOLATION
    EAX = 0C060568 EBX = 02551A90
    ECX = 0C0604B4 EDX = 000001D2
    ESI = 0AC1E6DF EDI = 02551a8c
    EIP = 01361523 EBP = 0B440030
    ESP = 018EEF34 Flg = 00010287
    CS = 00000023 SS = 0000001B
    C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD4 [NTSC-US] [SLUS-01297].rar
    [WARNING] An exception has been identified!
    [WARNING] In the module 'aecore.dll' an exception occured.
    Calling the function AVEPROC_TestFile in file: \\?\C:\Downloads\Final Fantasy 9\Final Fantasy 9 - CD4 [NTSC-US] [SLUS-01297].rar
    Error description:ACCESS_VIOLATION
    EAX = 0E5D0568 EBX = 025CCA78
    ECX = 0E5D04B4 EDX = 000001D2
    ESI = 0D18E6DF EDI = 025cca74
    EIP = 01361523 EBP = 0D9B0030
    ESP = 018EEF34 Flg = 00010283
    CS = 00000023 SS = 0000001B
    C:\Downloads\Lunar.Silver.Star.Story.1999-PSX\CD1\lunar-a.r18
    [0] Archive type: RAR
    --> LUNAR_THE_SILVER_STAR_STORY_1.cue
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Downloads\Lunar.Silver.Star.Story.1999-PSX\CD2\lunar-b.r23
    [0] Archive type: RAR
    --> LUNAR_THE_SILVER_STAR_STORY_2.cue
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Program Files\World of Warcraft\OMG-WoW Launcher.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.aeh.17 back-door program
    [NOTE] The file was moved to '49e7b3b4.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir
    [DETECTION] Is the TR/Dldr.FakeAler.IM Trojan
    [NOTE] The file was moved to '49d8b3b1.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\aeyskc.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a19b3dd.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\aiescj.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a05b3e1.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\aiivca.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a09b3e2.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\alqkvz.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a11b3e5.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\aryaao.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a19b3eb.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\awttSMFV.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a14b3f1.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\awtusrQj.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '498bff82.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\awtuTnnK.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a14b3f2.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\axzsav.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a1ab3f3.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\brafye.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a01b3ed.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\btjvpo.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0ab3ef.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\btwmhv.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a17b3f0.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\byXNhhEw.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49f8b3f5.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\byXoPigG.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a67ff86.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\byXPGXPH.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49f8b3f6.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\byXPHaXq.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a67ff87.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\byXRlljk.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49f8b3f7.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXNHBrQ.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49f8b3e0.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXOIbcd.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49f8b3e1.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXRJBrr.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a67ff92.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXRJDUl.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49f8b3e3.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\csxpww.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a18b3f3.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcAssrr.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3e4.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcaXrSl.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '499cff95.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDuSmJ.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3e5.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcYsPfg.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '499cff96.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dgfnil.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a06b3e8.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dvlyve.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0cb3f8.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\eclkyp.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0cb3e5.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\efcARhgF.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3e8.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\efcARHwX.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3e9.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\efcATJDU.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '499cff9a.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\efcYPfFV.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3eb.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\efcYQKCV.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3ea.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ekcijm.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3ef.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\emorop.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0fb3f1.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\eswwup.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a17b3f7.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\evymdv.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a19b3fb.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\exdiuk.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a04b3fd.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fbncja.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0eb3e7.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fcccbaxY.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '499cff9c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fccccBSm.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3ed.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fccdbbBQ.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '499cff9b.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fccYonKa.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3ec.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fdpgjt.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a10b3eb.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fidamufa.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a04b3f0.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ftwczm.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a17b3fc.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fvtkos.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a14b3fe.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fzmucx.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0db403.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\geBrsRIY.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49e2b3ee.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gmhjkp.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a08b3f6.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gosmnz.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a13b3f8.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gutsin.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a14b3ff.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hdcoyy.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3ee.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGaywTm.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49e7b3f1.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGvwXPf.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49e7b3f2.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGwUooN.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a78ff83.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGXOiiJ.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49e7b3f3.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGxXqOF.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a78ff84.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGyxVpq.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49e7b3f5.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\iifedcDv.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a06b3f6.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\iifefEVN.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4999ff87.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\iifeFXQi.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a06b3f7.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\iifFYQjI.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4999ff88.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\inaxcr.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a01b3fc.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\iqywbc.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a19b400.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jhumoa.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a15b3f7.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkHBTKA.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0bb3fa.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkHXPiI.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0bb3fb.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkKbYpQ.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4994ff8c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkKddET.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0bb3fc.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkLDTkh.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4994ff8d.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jtpqwn.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a10b405.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kfcblr.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a03b3f8.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\khfDwxuv.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a06b3fa.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kjhplr.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a08b3fd.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kygtff.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a07b40c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYOFWn.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab3fd.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYQKda.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab3fe.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYSjIc.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a75ff8f.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYSlkI.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab3e0.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\lsmtzm.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0db408.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\lyozkg.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0fb40e.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJaaAqP.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab401.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJBQJbX.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab402.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJBULff.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a75f873.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJcYpNd.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab404.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJYpNff.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49eab403.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mmxaqn.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a18b404.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mwjycx.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0ab40e.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\naopse.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0fb3f9.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ncgrnt.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a07b3fb.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ncvlsq.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a16b3fc.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nmzgrw.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a1ab406.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnMCuRk.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0eb407.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nsnusz.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0eb40d.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nttzhr.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a14b40e.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\odjowb.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0ab3ff.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\opnlKCTL.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0eb40b.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\opnlMeDu.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4991f87c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\opnlMgfF.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a0eb40c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\opnnnKBt.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084257.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49d0b5b5.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084258.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a4d8886.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084259.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49d0b5b7.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084260.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a4d8888.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084261.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49d0b5aa.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084262.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a4d889b.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084263.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49d0b5ac.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084264.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49d0b5b9.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084265.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a4d888a.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084266.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49d0b5bb.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084267.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a4d888c.qua'!
    C:\System Volume Information\_restore{0D648348-A546-4169-83F7-F38131DF0B25}\RP452\A0084268.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a4d889d.qua'!
    C:\System Volume Inf
    22 February 2009 12:55:26

    Good.

  • Run another RSIT scan and post the log report.
    22 February 2009 17:06:00

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Nicolas at 2009-02-22 11:02:11
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 56 GB (18%) free of 305 GB
    Total RAM: 2047 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:15, on 2009-02-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Updater.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PPLiveVA\PPLiveVA.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
    C:\Program Files\trend micro\Nicolas.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jin...
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\fidamufa.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11821 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
    Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
    "nwiz"=nwiz.exe /install []
    "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
    "LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "iRiver Updater"=\Updater.exe [2004-07-01 212992]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
    "PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
    "SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
    "SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
    "SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
    "SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
    "SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []
    "SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
    "Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
    "Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
    "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
    "PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

    C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\fidamufa.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\system32\fidamufa.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
    "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
    "C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
    "C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
    "C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabled:Daum ?????"
    "C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:Daum ?????"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
    "C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
    "C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\setup.exe


    ======List of files/folders created in the last 3 months======

    2009-02-21 21:34:25 ----D---- C:\ComboFix
    2009-02-21 21:33:56 ----D---- C:\32788R22FWJFW
    2009-02-21 19:03:22 ----SHD---- C:\Config.Msi
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\java.exe
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-02-21 17:24:52 ----D---- C:\Program Files\Ad-remover
    2009-02-21 17:14:31 ----D---- C:\Program Files\Avira
    2009-02-21 17:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-02-21 16:58:23 ----SHD---- C:\RECYCLER
    2009-02-21 14:48:59 ----D---- C:\WINDOWS\temp
    2009-02-21 14:48:55 ----A---- C:\ComboFix.txt
    2009-02-20 15:52:51 ----A---- C:\Boot.bak
    2009-02-20 15:52:36 ----RASHD---- C:\cmdcons
    2009-02-20 15:50:33 ----D---- C:\WINDOWS\ERDNT
    2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
    2009-02-20 14:49:38 ----D---- C:\rsit
    2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
    2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
    2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
    2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
    2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
    2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
    2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
    2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
    2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-02-07 19:27:34 ----A---- C:\rapport.txt
    2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
    2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
    2009-02-05 22:28:28 ----A---- C:\WINDOWS\system32\ati2sgag.exe
    2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
    2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
    2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
    2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
    2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
    2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
    2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
    2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
    2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
    2009-01-18 18:23:49 ----D---- C:\Poker
    2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-14 15:43:59 ----D---- C:\PPVADownloads
    2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
    2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
    2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
    2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
    2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
    2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
    2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
    2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
    2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
    2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
    2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
    2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
    2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
    2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
    2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
    2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
    2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
    2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
    2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
    2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
    2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
    2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
    2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
    2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
    2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
    2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
    2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
    2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
    2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
    2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
    2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
    2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info

    ======List of files/folders modified in the last 3 months======

    2009-02-22 11:02:15 ----D---- C:\WINDOWS\Prefetch
    2009-02-22 11:01:16 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
    2009-02-22 10:59:43 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-22 10:58:55 ----SD---- C:\WINDOWS\Tasks
    2009-02-22 10:57:58 ----D---- C:\Program Files\Steam
    2009-02-22 10:57:01 ----D---- C:\Program Files\DNA
    2009-02-22 10:57:01 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
    2009-02-22 08:35:08 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-22 02:24:30 ----D---- C:\WINDOWS\system32\config
    2009-02-21 23:30:29 ----D---- C:\Downloads
    2009-02-21 23:17:30 ----RD---- C:\Program Files
    2009-02-21 21:35:50 ----SHD---- C:\System Volume Information
    2009-02-21 21:35:50 ----D---- C:\WINDOWS\system32\Restore
    2009-02-21 21:34:49 ----D---- C:\WINDOWS
    2009-02-21 21:34:42 ----D---- C:\WINDOWS\system32
    2009-02-21 21:07:35 ----D---- C:\Program Files\World of Warcraft
    2009-02-21 19:05:06 ----SHD---- C:\WINDOWS\Installer
    2009-02-21 19:04:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-02-21 19:04:19 ----D---- C:\Program Files\Common Files\Adobe
    2009-02-21 19:04:19 ----D---- C:\Program Files\Adobe
    2009-02-21 19:01:43 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-21 19:01:17 ----D---- C:\Program Files\Java
    2009-02-21 18:59:48 ----D---- C:\Program Files\Common Files
    2009-02-21 17:58:27 ----D---- C:\Program Files\Yahoo!
    2009-02-21 17:55:20 ----D---- C:\Program Files\UltimateBet
    2009-02-21 17:55:04 ----D---- C:\Program Files\The Tournament Director 2
    2009-02-21 17:50:50 ----D---- C:\Program Files\Gnuf
    2009-02-21 17:48:26 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-21 17:48:25 ----D---- C:\Program Files\Full Tilt Poker
    2009-02-21 17:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-21 17:14:35 ----D---- C:\WINDOWS\system32\drivers
    2009-02-21 14:34:38 ----A---- C:\WINDOWS\system.ini
    2009-02-21 14:25:09 ----D---- C:\WINDOWS\AppPatch
    2009-02-21 12:39:21 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-02-21 11:50:09 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
    2009-02-20 17:25:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-20 15:52:51 ----RASH---- C:\boot.ini
    2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
    2009-02-19 21:24:32 ----D---- C:\Documents and Settings
    2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
    2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
    2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
    2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
    2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
    2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
    2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
    2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
    2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
    2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2009-01-13 22:45:52 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2009-01-13 22:44:05 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2009-01-13 22:37:45 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2009-01-13 22:37:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2009-01-05 13:18:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-01-05 02:13:24 ----A---- C:\WINDOWS\BnetLog.txt
    2009-01-01 10:25:47 ----D---- C:\Program Files\DivX
    2008-12-30 17:09:53 ----D---- C:\WINDOWS\Minidump
    2008-12-19 03:00:43 ----D---- C:\WINDOWS\ie7updates
    2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 03:02:53 ----D---- C:\Program Files\Internet Explorer
    2008-11-29 14:52:21 ----D---- C:\Program Files\MSN Games
    2008-11-29 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
    R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
    R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-14 27992]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-25 25280]
    R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-27 84992]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-19 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 59264]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-02-18 17152]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 ai4pagom;ai4pagom; C:\WINDOWS\system32\drivers\ai4pagom.sys []
    S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 ayuj6rcd;ayuj6rcd; C:\WINDOWS\system32\drivers\ayuj6rcd.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-04-11 20496]
    S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-21 152984]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------



    By the way, my computer makes noises when I start it up (beep beep beep), and when you have 411 infections with Avira, that makes quite a symphony. Is it possible to lower the volume or simply stop the beeping sound at startup? And my other question: do I delete all the files in quarantine?
    22 February 2009 17:40:32

    Quote:
    By the way, my computer makes noises when I start it up (beep beep beep), and when you have 411 infections with Avira, that makes quite a symphony. Is it possible to lower the volume or simply stop the beeping sound at startup? And my other question: do I delete all the files in quarantine?

    ---> The sound comes from the motherboard speaker; it can be turned off in the AntiVir options (checkbox "Avertissement acoustique", acoustic warning).

    1/

  • Find this file: C:\Program Files\trend micro\Nicolas.exe
  • Double-click this file.
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

    O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"

    O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"

    O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"

    O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"

    O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"

    O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"

    O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"

    O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"

    O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"

    O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"

    O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

    O20 - AppInit_DLLs: C:\WINDOWS\system32\fidamufa.dll

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything. Same for TeaTimer.
  • Close HijackThis.
  • Run another RSIT scan and post the log report.
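
The selection in the post above can be expressed as a small triage script over a HijackThis log; this is an added example, not part of the thread or of HijackThis itself. The four patterns are an assumption drawn from the lines listed in the post, and the sample lines are copied from the logs on this page except for one constructed DPF line (the `example.invalid` one).

```python
import re

# A HijackThis entry is "<section id> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# RunOnce value whose command only deletes a file (left behind by a cleanup tool).
PENDING_DEL_RE = re.compile(r"RunOnce: \[[^\]]+\] (?:cmd\.exe|command\.com) /c del ")
# DPF (downloaded ActiveX control) entry with nothing after the final dash.
EMPTY_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}.*\)\s*-$")

# Sample input: lines from the logs on this page, plus one constructed DPF line.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Control) - http://example.invalid/control.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\fidamufa.dll
"""


def triage(line):
    """Return (section, reason) when a log line matches one of the four
    patterns, or None when it does not (or is not a HijackThis entry)."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, details = m.group(1), m.group(2).strip()
    if section == "O2" and details.endswith("(no file)"):
        return section, "BHO still registered but its DLL is gone"
    if section == "O4" and PENDING_DEL_RE.search(details):
        return section, "leftover RunOnce job that only deletes a file"
    if section == "O16" and EMPTY_DPF_RE.match(details):
        return section, "ActiveX (DPF) entry with no download source"
    if section == "O20" and details.startswith("AppInit_DLLs:"):
        dll = details.split(":", 1)[1].strip()
        if dll:
            # AppInit_DLLs are mapped into every process that loads user32.dll.
            return section, "AppInit_DLLs loads %s into every user32.dll process" % dll
    return None


def scan(log_text):
    """Triage every line of a log; return (section, reason, line) per hit."""
    hits = []
    for line in log_text.splitlines():
        result = triage(line)
        if result:
            hits.append((result[0], result[1], line.strip()))
    return hits


if __name__ == "__main__":
    for section, reason, line in scan(SAMPLE):
        print("[%s] %s\n      %s" % (section, reason, line))
```

A hit only marks a line for review; entries that match none of the patterns are not thereby cleared.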
    22 February 2009 18:31:14

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Nicolas at 2009-02-22 12:30:46
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 56 GB (18%) free of 305 GB
    Total RAM: 2047 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:30:47, on 2009-02-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Updater.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PPLiveVA\PPLiveVA.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Nicolas\Desktop\RSIT.exe
    C:\Program Files\trend micro\Nicolas.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC15] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\en\country.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9279] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7330] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4985] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3270] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3266] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4498] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4900] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1441] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jin...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11549 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
    Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-12-17 443672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-27 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
    "nwiz"=nwiz.exe /install []
    "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
    "LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "iRiver Updater"=\Updater.exe [2004-07-01 212992]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
    "PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-11-19 737312]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
    "SpybotDeletingC15"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\en\country.txt []
    "SpybotDeletingA9279"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingC7330"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg []
    "SpybotDeletingA4985"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
    "SpybotDeletingC3270"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg []
    "SpybotDeletingA3753"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
    "SpybotDeletingC3266"=cmd.exe /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg []
    "SpybotDeletingA2362"=command.com /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
    "Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1694208]
    "Octoshape Streaming Services"=C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe [2006-02-13 214648]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-31 68856]
    "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-29 4608]
    "PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-12-17 197968]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-01 342848]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB4498"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingB4900"=command.com /c del C:\Program Files\Everest Poker\casino.exe []
    "SpybotDeletingD1441"=cmd.exe /c del C:\Program Files\Everest Poker\casino.exe []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

    C:\Documents and Settings\Nicolas\Start Menu\Programs\Startup
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\system32\fidamufa.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\charcute\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
    "C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Nicolas\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\age2\empires2.exe"="C:\age2\empires2.exe:*:Enabled:Age of Empires II"
    "C:\age2\age2_x1.exe"="C:\age2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\Program Files\Sea3D\Sea3D.exe"="C:\Program Files\Sea3D\Sea3D.exe:*:Enabled:Sea3D Application"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
    "C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????"
    "C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe"="C:\PROGRA~1\DAUM\POTPLA~1\PotPlayer.exe:*:Enabled:Daum ?????"
    "C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:Daum ?????"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe"="C:\PROGRA~1\DAUM\POTPLA~1\daumvsvr.exe:*:Enabled:VideoPot"
    "C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
    "C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\setup.exe


    ======List of files/folders created in the last 3 months======

    2009-02-21 21:34:25 ----D---- C:\ComboFix
    2009-02-21 21:33:56 ----D---- C:\32788R22FWJFW
    2009-02-21 19:03:22 ----SHD---- C:\Config.Msi
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\java.exe
    2009-02-21 19:01:32 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-02-21 17:24:52 ----D---- C:\Program Files\Ad-remover
    2009-02-21 17:14:31 ----D---- C:\Program Files\Avira
    2009-02-21 17:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-02-21 16:58:23 ----SHD---- C:\RECYCLER
    2009-02-21 14:48:59 ----D---- C:\WINDOWS\temp
    2009-02-21 14:48:55 ----A---- C:\ComboFix.txt
    2009-02-20 15:52:51 ----A---- C:\Boot.bak
    2009-02-20 15:52:36 ----RASHD---- C:\cmdcons
    2009-02-20 15:50:33 ----D---- C:\WINDOWS\ERDNT
    2009-02-20 14:49:39 ----D---- C:\Program Files\trend micro
    2009-02-20 14:49:38 ----D---- C:\rsit
    2009-02-19 22:22:41 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
    2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv43260.dll
    2009-02-19 21:48:51 ----A---- C:\WINDOWS\system32\drv33260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\drv23260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\system32\cook3260.dll
    2009-02-19 21:48:50 ----A---- C:\WINDOWS\gdiplus.dll
    2009-02-19 21:48:49 ----D---- C:\Program Files\VSO
    2009-02-19 21:12:30 ----D---- C:\Documents and Settings\Nicolas\Application Data\Vso
    2009-02-14 21:55:28 ----D---- C:\Program Files\psqlODBC
    2009-02-09 08:59:10 ----D---- C:\Program Files\PostgreSQL
    2009-02-09 08:50:34 ----D---- C:\Program Files\PokerTracker 3
    2009-02-07 19:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-02-07 19:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-07 19:27:45 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-02-07 19:27:34 ----A---- C:\rapport.txt
    2009-02-05 22:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
    2009-02-05 22:38:30 ----D---- C:\Program Files\ATI
    2009-02-05 22:28:28 ----A---- C:\WINDOWS\system32\ati2sgag.exe
    2009-02-03 18:48:44 ----D---- C:\Documents and Settings\Nicolas\Application Data\ATI
    2009-02-03 18:29:14 ----D---- C:\Program Files\My Company Name
    2009-02-03 18:23:06 ----D---- C:\Program Files\Common Files\ATI Technologies
    2009-02-03 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2009-02-03 18:01:00 ----D---- C:\Program Files\ATI Technologies
    2009-02-01 21:34:25 ----A---- C:\WINDOWS\system32\WING32.DLL
    2009-02-01 21:34:05 ----D---- C:\Program Files\Heroes2
    2009-02-01 21:33:57 ----A---- C:\WINDOWS\uninst.exe
    2009-01-24 16:34:49 ----A---- C:\WINDOWS\ScUnin.exe
    2009-01-24 16:34:22 ----D---- C:\Program Files\Starcraft
    2009-01-18 18:23:49 ----D---- C:\Poker
    2009-01-15 07:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-14 15:43:59 ----D---- C:\PPVADownloads
    2009-01-13 22:44:17 ----A---- C:\WINDOWS\system32\atiadlxx.dll
    2009-01-13 21:36:37 ----A---- C:\WINDOWS\system32\amdcalrt.dll
    2009-01-13 21:36:30 ----A---- C:\WINDOWS\system32\amdcalcl.dll
    2009-01-13 21:34:00 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
    2009-01-12 18:53:47 ----D---- C:\Program Files\PokerStars
    2009-01-07 16:44:58 ----D---- C:\Documents and Settings\Nicolas\Application Data\skypePM
    2009-01-07 16:43:08 ----D---- C:\Documents and Settings\Nicolas\Application Data\Skype
    2009-01-07 16:42:41 ----D---- C:\Program Files\Skype
    2009-01-07 16:42:40 ----D---- C:\Program Files\Common Files\Skype
    2009-01-07 16:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-01-05 13:20:44 ----D---- C:\WINDOWS\system32\appmgmt
    2009-01-05 12:34:57 ----D---- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
    2009-01-05 12:33:30 ----D---- C:\Program Files\Bonjour
    2009-01-05 12:32:22 ----D---- C:\Program Files\QuickTime
    2009-01-05 12:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-01-05 12:31:04 ----D---- C:\Program Files\Apple Software Update
    2009-01-05 12:30:25 ----D---- C:\Program Files\Common Files\Apple
    2009-01-05 03:55:38 ----D---- C:\FavoriteVideo
    2009-01-05 03:55:37 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLiveVA
    2009-01-05 03:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
    2009-01-05 03:55:17 ----D---- C:\Program Files\PPLiveVA
    2009-01-05 03:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive
    2009-01-05 03:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm
    2009-01-05 03:20:59 ----D---- C:\WINDOWS\system32\PPLive
    2009-01-05 03:20:28 ----D---- C:\Documents and Settings\Nicolas\Application Data\PPLive
    2009-01-05 03:19:59 ----D---- C:\Program Files\PPLive
    2009-01-04 13:34:32 ----A---- C:\WINDOWS\wininit.ini
    2009-01-04 13:34:14 ----D---- C:\Program Files\PowerStrip
    2008-12-29 16:59:48 ----D---- C:\Program Files\Delta
    2008-12-29 16:55:50 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
    2008-12-29 16:52:44 ----D---- C:\Program Files\Alcohol Soft
    2008-12-18 02:42:21 ----D---- C:\Program Files\InCode Solutions
    2008-12-17 16:17:05 ----D---- C:\Program Files\VID_0E8F&PID_0003
    2008-12-12 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-03 10:26:25 ----D---- C:\Program Files\_uninstallation_info

    ======List of files/folders modified in the last 3 months======

    2009-02-22 12:29:36 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-22 12:29:07 ----D---- C:\WINDOWS\Prefetch
    2009-02-22 12:27:11 ----D---- C:\Documents and Settings\Nicolas\Application Data\DNA
    2009-02-22 12:25:04 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-02-22 11:01:16 ----D---- C:\Documents and Settings\Nicolas\Application Data\Hamachi
    2009-02-22 10:58:55 ----SD---- C:\WINDOWS\Tasks
    2009-02-22 10:57:58 ----D---- C:\Program Files\Steam
    2009-02-22 10:57:01 ----D---- C:\Program Files\DNA
    2009-02-22 08:35:08 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-22 02:24:30 ----D---- C:\WINDOWS\system32\config
    2009-02-21 23:30:29 ----D---- C:\Downloads
    2009-02-21 23:17:30 ----RD---- C:\Program Files
    2009-02-21 21:35:50 ----SHD---- C:\System Volume Information
    2009-02-21 21:35:50 ----D---- C:\WINDOWS\system32\Restore
    2009-02-21 21:34:49 ----D---- C:\WINDOWS
    2009-02-21 21:34:42 ----D---- C:\WINDOWS\system32
    2009-02-21 21:07:35 ----D---- C:\Program Files\World of Warcraft
    2009-02-21 19:05:06 ----SHD---- C:\WINDOWS\Installer
    2009-02-21 19:04:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-02-21 19:04:19 ----D---- C:\Program Files\Common Files\Adobe
    2009-02-21 19:04:19 ----D---- C:\Program Files\Adobe
    2009-02-21 19:01:43 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-21 19:01:17 ----D---- C:\Program Files\Java
    2009-02-21 18:59:48 ----D---- C:\Program Files\Common Files
    2009-02-21 17:58:27 ----D---- C:\Program Files\Yahoo!
    2009-02-21 17:55:20 ----D---- C:\Program Files\UltimateBet
    2009-02-21 17:55:04 ----D---- C:\Program Files\The Tournament Director 2
    2009-02-21 17:50:50 ----D---- C:\Program Files\Gnuf
    2009-02-21 17:48:26 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-21 17:48:25 ----D---- C:\Program Files\Full Tilt Poker
    2009-02-21 17:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-21 17:14:35 ----D---- C:\WINDOWS\system32\drivers
    2009-02-21 14:34:38 ----A---- C:\WINDOWS\system.ini
    2009-02-21 14:25:09 ----D---- C:\WINDOWS\AppPatch
    2009-02-21 11:50:09 ----D---- C:\Documents and Settings\Nicolas\Application Data\uTorrent
    2009-02-20 17:25:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-20 15:52:51 ----RASH---- C:\boot.ini
    2009-02-19 21:25:16 ----D---- C:\Program Files\uTorrent
    2009-02-19 21:24:32 ----D---- C:\Documents and Settings
    2009-02-19 21:12:51 ----HD---- C:\WINDOWS\inf
    2009-02-16 18:01:02 ----A---- C:\WINDOWS\win.ini
    2009-02-14 22:01:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-07 22:18:41 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-05 22:38:12 ----RSD---- C:\WINDOWS\assembly
    2009-02-05 22:37:51 ----D---- C:\WINDOWS\WinSxS
    2009-02-05 22:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-05 22:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-01-31 20:16:44 ----D---- C:\Program Files\TVAnts
    2009-01-31 00:35:24 ----D---- C:\Documents and Settings\Nicolas\Application Data\mIRC
    2009-01-30 17:32:32 ----D---- C:\Program Files\mIRC
    2009-01-18 12:03:21 ----D---- C:\WINDOWS\system32\DirectX
    2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-01-16 19:26:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-01-15 07:47:44 ----A---- C:\WINDOWS\imsins.BAK
    2009-01-15 07:47:08 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-14 00:46:13 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2009-01-13 23:53:11 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2009-01-13 23:49:05 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2009-01-13 23:47:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2009-01-13 23:36:29 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2009-01-13 23:36:15 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2009-01-13 23:36:06 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2009-01-13 23:35:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2009-01-13 23:35:38 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2009-01-13 23:34:00 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2009-01-13 23:32:31 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2009-01-13 23:22:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2009-01-13 23:05:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2009-01-13 22:50:08 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2009-01-13 22:45:52 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2009-01-13 22:44:05 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2009-01-13 22:37:45 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2009-01-13 22:37:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2009-01-05 13:18:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-01-05 02:13:24 ----A---- C:\WINDOWS\BnetLog.txt
    2009-01-01 10:25:47 ----D---- C:\Program Files\DivX
    2008-12-30 17:09:53 ----D---- C:\WINDOWS\Minidump
    2008-12-19 03:00:43 ----D---- C:\WINDOWS\ie7updates
    2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 03:02:53 ----D---- C:\Program Files\Internet Explorer
    2008-11-29 14:52:21 ----D---- C:\Program Files\MSN Games
    2008-11-29 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
    R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
    R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-14 27992]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-25 25280]
    R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-27 84992]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-19 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 59264]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-02-18 17152]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 ai4pagom;ai4pagom; C:\WINDOWS\system32\drivers\ai4pagom.sys []
    S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 ayuj6rcd;ayuj6rcd; C:\WINDOWS\system32\drivers\ayuj6rcd.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-04-11 20496]
    S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-21 152984]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------
    22 February 2009 20:17:26

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Search and let the scan run.
  • Click Delete to finish.
  • You can use the Optional Settings if you wish.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleanup.
  • Next, choose Registry, then Scan for Issues. Once it has finished, fix all the issues (back up the registry).


    3/

  • You need to disable and then re-enable System Restore to purge it.

  • I recommend creating a restore point that you can use later if you run into a problem.


    ==Prevention==

    Keep MBAM. You can use it to scan suspicious files alongside your antivirus, and scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    You can also modify the Hosts file to improve the security of your PC: Link

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Edit button.
  • Add [Résolu] in front of the title.
  • Then click Submit your message.


    Be more careful on the Internet ;)