virus et site x

[jolindien]

Bonjour
un logiciel nommé user protection s'est installé et m'envoie des messages d'alertes constamment !!! De plus des icones de sites de culs se mettent sur mon bureaux lorsque je vais sur internet (et pas forcement si je vais sur des sites porno).Je peux les mettre dans la corbeille et la vider mais ça recommence plus tard quand je retourne sur le net.
J'ai installé spybot : il a trouvé plein de truc que j'ai pu enlevé et un que je n'ai pas pu enlever car il est en cours d'execution : user protection ! impossible de le désinstaller ! il apparait à droite dans la barre des tâches
je suis sur windows vista.
Help me please !!!!!!!!!!!!!!!!!!

[jeanmimigab]

Salut et bienvenue sur PC-Infopratique,

commence par cela stp...

>télécharges >> Malwarebytes <<
>Installes le et mets le à jours avant le scan
> choisis "exécuter un examen rapide" et à la fin du scan , coches tous les éléments trouvés,et cliques sur supprimer la sélection.
> et ensuite postes moi le rapport stp.

ensuite...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Coches les case situées devant "Scan All Users", " LOP Check" et "Purity Check".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "Custom scanx/fixes"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "RunScan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++

[jolindien]

Merci pour ta réponse rapide et bien détaillé!
J'ai mis en route Malwarebytes mais il plante toujours au même endroit à 5 min 41 sec dans le dossier C:\Windows\system32\config\SECURITY.LOG2 (je sais pas si ça peut t'aider)
Bon je vais télécharger OTL et suivre tes indications!
MERCI
je te tiens au courant !

[jolindien]

voilà ce que me donne otl:

fichier extras.Txt

OTL Extras logfile created on: 28/03/2010 15:00:38 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Famille Aubert\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,67 Gb Total Space | 60,10 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,28 Gb Total Space | 629,27 Gb Free Space | 67,57% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MISSFRANCE
Current User Name: Famille Aubert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal



Et le fichier OTL.Txt

OTL logfile created on: 28/03/2010 15:00:38 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Famille Aubert\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,67 Gb Total Space | 60,10 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,28 Gb Total Space | 629,27 Gb Free Space | 67,57% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MISSFRANCE
Current User Name: Famille Aubert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Famille Aubert\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (SafeList) ==========

[jeanmimigab]

hello,

tu n'as que ça dans les deux rapports ?

A mon avis tu as fait une erreur en les copiant.

tu ouvre le rapport que tu veux poster et choisis "édition" >> "sélectionner tout" puis tu choisis "édition" >> "copier"

ensuite tu coller dans ta réponse

[jolindien]

bonjour!
cette fois ci je n'ai que un fichier OTL.Txt

OTL logfile created on: 28/03/2010 15:38:46 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Famille Aubert\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,67 Gb Total Space | 60,10 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,28 Gb Total Space | 629,27 Gb Free Space | 67,57% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MISSFRANCE
Current User Name: Famille Aubert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Famille Aubert\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (SafeList) ==========

MOD - C:\Users\Famille Aubert\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sfr.fr/kit/adsl/ [binary data]
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 02:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 02:14:30 | 000,000,000 | ---D | M]

[2008/11/21 01:37:17 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Extensions
[2010/03/27 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions
[2009/09/01 15:41:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/20 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions\npfax@microgaming.co.uk
[2010/01/31 09:31:54 | 000,002,055 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Roaming\Mozilla\FireFox\Profiles\zd0mwzur.default\searchplugins\daemon-search.xml
[2010/03/27 00:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/03/18 13:19:20 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/18 13:19:20 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/18 13:19:20 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/09 22:03:41 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/03/18 13:19:20 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/26 02:14:09 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/03/27 02:02:22 | 000,380,983 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13125 more lines...
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [fontviewxp.exe] C:\Users\Famille Aubert\AppData\Local\Temp\fontviewxp.exe File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [User Protection] C:\Program Files\User Protection\usrprot.exe File not found
O4 - Startup: C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Users\Famille Aubert\All Users\programme\poker\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... dfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.1 0.0.0.0
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/14 09:13:26 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/08/20 21:55:06 | 000,000,070 | RH-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5466a3c7-be12-11dd-ad6a-001a928234af}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\WDEULA.exe -- [2007/08/20 22:10:40 | 001,695,580 | ---- | M] (Western Digital )
O33 - MountPoints2\{db8fc776-2d77-11de-97db-001a928234af}\Shell - "" = AutoRun
O33 - MountPoints2\{db8fc776-2d77-11de-97db-001a928234af}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db9d2065-b757-11dd-9da2-001a928234af}\Shell - "" = AutoRun
O33 - MountPoints2\{db9d2065-b757-11dd-9da2-001a928234af}\Shell\AutoRun\command - "" = G:\nba2k9setup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\WDEULA.exe -- [2007/08/20 22:10:40 | 001,695,580 | ---- | M] (Western Digital )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 04:32:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\Malwarebytes
[2010/03/27 15:08:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/27 15:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/27 15:08:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/27 15:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/27 01:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/27 01:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/26 23:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\User Protection
[2010/03/17 01:01:44 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Documents\DVDVideoSoft
[2010/03/17 01:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/03/17 01:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/03/17 00:42:37 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\TuneUpMedia
[2010/03/17 00:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/03/17 00:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/03/17 00:40:57 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Local\Geckofx
[2010/03/17 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/03/17 00:40:25 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Local\OpenCandy
[2010/03/17 00:40:22 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\OpenCandy
[2010/03/16 20:43:08 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\PeerNetworking
[2010/03/16 19:23:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/16 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\Absolute Poker
[2010/03/16 16:54:26 | 000,000,000 | ---D | C] -- C:\Poker Application
[2010/03/16 16:27:33 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Documents\PacificPoker
[2010/03/16 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Start Menu
[2010/03/16 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
[2010/03/16 16:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[2010/03/11 04:01:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 04:01:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2007/11/19 12:31:00 | 003,686,400 | ---- | C] (Infor) -- C:\Program Files\IKEA Home Planner.exe

========== Files - Modified Within 30 Days ==========

[2010/03/28 15:37:53 | 007,077,888 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT
[2010/03/28 14:57:45 | 001,478,524 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/28 14:57:45 | 000,672,084 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/28 14:57:45 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/28 14:57:45 | 000,124,228 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/28 14:57:45 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/28 14:53:02 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/28 14:53:00 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 14:53:00 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 14:52:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/28 14:52:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/28 14:52:49 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/28 14:49:01 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/28 14:19:26 | 058,110,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\troj000.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\spam003.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\spam001.exe
[2010/03/27 15:08:53 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/27 08:40:41 | 001,865,854 | -H-- | M] () -- C:\Users\Famille Aubert\AppData\Local\IconCache.db
[2010/03/27 07:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 07:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/03/27 02:02:22 | 000,380,983 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/27 01:47:14 | 000,000,919 | ---- | M] () -- C:\Windows\wininit.ini
[2010/03/27 01:02:27 | 000,001,055 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/27 00:49:15 | 000,002,620 | ---- | M] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/25 19:41:55 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/20 01:46:49 | 000,243,200 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 01:01:44 | 000,001,032 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/17 00:42:43 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/03/16 20:43:09 | 000,024,206 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Roaming\UserTile.png
[2010/03/16 20:08:28 | 204,361,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/16 16:27:29 | 000,001,846 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
[2010/03/15 20:37:02 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini

========== Files Created - No Company Name ==========

[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\troj000.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\spam003.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\spam001.exe
[2010/03/27 15:08:53 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/27 01:46:53 | 000,000,919 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/27 01:02:27 | 000,001,055 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/26 23:55:41 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/17 01:01:44 | 000,001,032 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/17 00:42:43 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/03/16 20:43:09 | 000,024,206 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Roaming\UserTile.png
[2010/03/16 16:27:29 | 000,001,846 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
[2009/02/01 22:11:03 | 000,001,727 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/21 11:29:26 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/11/21 11:29:26 | 000,022,328 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Roaming\PnkBstrK.sys
[2008/11/21 11:09:25 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/21 01:04:02 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/21 00:11:51 | 000,243,200 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 23:56:15 | 000,000,907 | R--- | C] () -- C:\Windows\System32\AsusSetup.ini
[2008/11/20 23:56:15 | 000,000,263 | R--- | C] () -- C:\Windows\System32\raidmgmt.ini
[2008/11/20 23:56:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/11/20 23:55:59 | 000,012,230 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/11/20 23:44:09 | 000,000,680 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\d3d9caps.dat
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/01/21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2008/12/12 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\2K Sports
[2010/03/16 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Absolute Poker
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools Lite
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools Pro
[2009/07/12 22:42:51 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Image Zone Express
[2009/02/18 09:30:49 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Kingston
[2010/03/15 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Microgaming
[2010/03/17 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\OpenCandy
[2008/11/29 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Opera
[2010/03/16 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
[2010/03/16 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\PeerNetworking
[2009/03/31 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Printer Info Cache
[2010/03/25 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\TeraCopy
[2010/03/25 22:46:37 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\TuneUpMedia
[2010/03/27 07:55:59 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2006/12/22 14:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) MD5=7D58CA2B284B41351F5176EACA1173C6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 14:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 04:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 04:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >



Y'a un truc que j'ai oublié de dire :
sur mon bureau il y a des raccourcis qui se mettent dès l'allumage du pc
troj000
spam003
spam001

Merci!

[jeanmimigab]

hello,

peux tu naviguer jusqu'a ce fichier et me dire ce qu'il contient en gras >> C:\Windows\wininit.ini

pour cela, tu fait un clic droit dessus et tu choisis "modifier", puis tu copie ce qu'il contient pour me le poster stp...

j'ai besoin de savoir cela pour te préparer la suite

Au début, je t'ai demander cela...* Télécharge >> OTL <<sur ton bureau.

donc tu le supprime du dossier C:\Users\Famille Aubert\Downloads pour le copier sur ton bureau et tu refais un scan comme demander la première fois.

Suis bien les instructions que je t'indique, c'est important !

[jolindien]

ok merci !
je te mets ce que j'ai trouvé sur le fichier
après je relance un scan et je te dis ce que je trouve
(tiens c'est marrant : everest poker apparait ; j'ai essayé de l'ouvrir de mon bureau mais le raccourci ne fonctionnait pas j'ai donc remplacé par un autre raccoucis de everest poker)


[rename]
c:\tempjunk1871.tmp=C:\Program Files\User Protection\usrhook.dll_old
nul=c:\tempjunk635.tmp
c:\tempjunk4594.tmp=C:\Program Files\Everest Poker\casino.exe
c:\tempjunk9064.tmp=C:\Program Files\Everest Poker\gvcrt.dll
c:\tempjunk3011.tmp=C:\Program Files\Everest Poker\gvmain.exe
c:\tempjunk4988.tmp=C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
c:\tempjunk8236.tmp=C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
c:\tempjunk3126.tmp=C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
c:\tempjunk4751.tmp=C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
c:\tempjunk4788.tmp=C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
c:\tempjunk9988.tmp=C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
c:\tempjunk635.tmp=C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg

[jolindien]

Bon je ne comprend pas mais l'icone user protection en bas à droite de la barre des taches a disparu et je n'ai plus de message d'alerte! tant mieux ! Par contre j'ai toujours les 3 raccourcis sur mon bureau : spam001 , spam003 , troj000
Je peux les supprimer mais ils réapparaissent à chaque démarrage

voici ce que me donne OTL cette fois il me donne 2 fichiers .Txt

fichier OTL.Txt

OTL logfile created on: 28/03/2010 18:20:24 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Famille Aubert\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,67 Gb Total Space | 60,00 Gb Free Space | 39,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,28 Gb Total Space | 629,27 Gb Free Space | 67,57% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MISSFRANCE
Current User Name: Famille Aubert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Famille Aubert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (SafeList) ==========

MOD - C:\Users\Famille Aubert\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sfr.fr/kit/adsl/ [binary data]
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 23:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 02:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 02:14:30 | 000,000,000 | ---D | M]

[2008/11/21 01:37:17 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Extensions
[2008/11/21 01:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/03/28 15:45:22 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions
[2009/09/01 15:41:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/20 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions\npfax@microgaming.co.uk
[2010/01/31 09:31:54 | 000,002,055 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Roaming\Mozilla\FireFox\Profiles\zd0mwzur.default\searchplugins\daemon-search.xml
[2010/03/28 15:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/03/26 02:14:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/27 10:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/08 11:21:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/09 08:53:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/03/26 02:14:06 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010/03/26 02:14:06 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/03/09 05:19:09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2010/03/26 02:14:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 14:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/02/16 18:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/02/16 18:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2010/03/18 13:19:20 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/18 13:19:20 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/18 13:19:20 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/03/18 13:19:20 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/09 22:03:41 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/03/18 13:19:20 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/26 02:14:09 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/03/27 02:02:22 | 000,380,983 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13125 more lines...
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [fontviewxp.exe] C:\Users\Famille Aubert\AppData\Local\Temp\fontviewxp.exe File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [User Protection] C:\Program Files\User Protection\usrprot.exe File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Users\Famille Aubert\All Users\programme\poker\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... dfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.1 0.0.0.0
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/14 09:13:26 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/08/20 21:55:06 | 000,000,070 | RH-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5466a3c7-be12-11dd-ad6a-001a928234af}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\WDEULA.exe -- [2007/08/20 22:10:40 | 001,695,580 | ---- | M] (Western Digital )
O33 - MountPoints2\{db8fc776-2d77-11de-97db-001a928234af}\Shell - "" = AutoRun
O33 - MountPoints2\{db8fc776-2d77-11de-97db-001a928234af}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db9d2065-b757-11dd-9da2-001a928234af}\Shell - "" = AutoRun
O33 - MountPoints2\{db9d2065-b757-11dd-9da2-001a928234af}\Shell\AutoRun\command - "" = G:\nba2k9setup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\WDEULA.exe -- [2007/08/20 22:10:40 | 001,695,580 | ---- | M] (Western Digital )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 16:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker
[2010/03/28 14:50:07 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Famille Aubert\Desktop\OTL.exe
[2010/03/27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\Malwarebytes
[2010/03/27 15:08:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/27 15:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/27 15:08:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/27 15:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/27 01:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/27 01:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/26 23:55:41 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/26 23:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\User Protection
[2010/03/17 01:01:44 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Documents\DVDVideoSoft
[2010/03/17 01:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/03/17 01:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/03/17 00:42:37 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\TuneUpMedia
[2010/03/17 00:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/03/17 00:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/03/17 00:40:57 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Local\Geckofx
[2010/03/17 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/03/17 00:40:25 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Local\OpenCandy
[2010/03/17 00:40:22 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\OpenCandy
[2010/03/16 20:43:09 | 000,024,206 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Roaming\UserTile.png
[2010/03/16 20:43:08 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\PeerNetworking
[2010/03/16 19:23:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/16 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\Absolute Poker
[2010/03/16 16:54:26 | 000,000,000 | ---D | C] -- C:\Poker Application
[2010/03/16 16:27:33 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Documents\PacificPoker
[2010/03/16 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Start Menu
[2010/03/16 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
[2010/03/11 04:01:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 04:01:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/03/06 23:45:06 | 002,877,891 | -H-- | C] () -- C:\Users\Famille Aubert\AppData\Local\IconCache.db
[2009/02/01 22:11:03 | 000,001,727 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/21 11:29:26 | 000,022,328 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Roaming\PnkBstrK.sys
[2008/11/21 00:15:06 | 000,089,104 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/11/21 00:11:51 | 000,243,200 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 23:44:09 | 000,000,680 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\d3d9caps.dat
[2007/11/19 12:31:00 | 003,686,400 | ---- | C] (Infor) -- C:\Program Files\IKEA Home Planner.exe
[2006/11/02 14:49:43 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 14:35:51 | 000,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 14:35:51 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 14:35:51 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:35:51 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 30 Days ==========

[2010/03/28 18:14:30 | 007,077,888 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT
[2010/03/28 17:49:10 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/28 17:17:11 | 001,478,524 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/28 17:17:11 | 000,672,084 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/28 17:17:11 | 000,588,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/28 17:17:11 | 000,124,228 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/28 17:17:11 | 000,100,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/28 17:09:25 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/28 17:09:23 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 17:09:23 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 17:09:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/28 17:09:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/28 17:09:13 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/28 17:07:53 | 000,524,288 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 17:07:53 | 000,065,536 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/03/28 17:06:55 | 002,877,891 | -H-- | M] () -- C:\Users\Famille Aubert\AppData\Local\IconCache.db
[2010/03/28 16:54:42 | 000,000,569 | ---- | M] () -- C:\Windows\win.ini
[2010/03/28 16:54:41 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\Everest Poker.lnk
[2010/03/28 14:50:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Famille Aubert\Desktop\OTL.exe
[2010/03/28 14:19:26 | 058,110,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\troj000.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\spam003.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\spam001.exe
[2010/03/27 15:08:53 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/27 02:02:22 | 000,380,983 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/27 01:47:14 | 000,000,919 | ---- | M] () -- C:\Windows\wininit.ini
[2010/03/27 01:02:27 | 000,001,055 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/27 00:49:15 | 000,002,620 | ---- | M] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/25 19:41:55 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/20 01:46:49 | 000,243,200 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 01:01:44 | 000,001,032 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/17 00:42:43 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/03/16 20:43:09 | 000,024,206 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Roaming\UserTile.png
[2010/03/16 20:08:28 | 204,361,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/16 16:27:29 | 000,001,846 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
[2010/03/15 20:37:02 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini

========== Files Created - No Company Name ==========

[2010/03/28 16:54:41 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\Everest Poker.lnk
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\troj000.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\spam003.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\spam001.exe
[2010/03/27 15:08:53 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/27 01:46:53 | 000,000,919 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/27 01:02:27 | 000,001,055 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/26 23:55:41 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/17 01:01:44 | 000,001,032 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/17 00:42:43 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/03/16 16:27:29 | 000,001,846 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
[2008/11/21 11:29:26 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/11/21 11:09:25 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/21 01:04:02 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/20 23:56:15 | 000,000,907 | R--- | C] () -- C:\Windows\System32\AsusSetup.ini
[2008/11/20 23:56:15 | 000,000,263 | R--- | C] () -- C:\Windows\System32\raidmgmt.ini
[2008/11/20 23:56:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/11/20 23:55:59 | 000,012,230 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/01/21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2008/12/12 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\2K Sports
[2010/03/16 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Absolute Poker
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools Lite
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools Pro
[2009/07/12 22:42:51 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Image Zone Express
[2009/02/18 09:30:49 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Kingston
[2010/03/15 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Microgaming
[2010/03/17 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\OpenCandy
[2008/11/29 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Opera
[2010/03/16 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
[2010/03/16 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\PeerNetworking
[2009/03/31 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Printer Info Cache
[2010/03/25 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\TeraCopy
[2010/03/25 22:46:37 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\TuneUpMedia
[2010/03/28 17:07:31 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2006/12/22 14:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) MD5=7D58CA2B284B41351F5176EACA1173C6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 14:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 04:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 04:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >




Fichier OTL.Txt


OTL logfile created on: 28/03/2010 18:20:24 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Famille Aubert\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,67 Gb Total Space | 60,00 Gb Free Space | 39,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,28 Gb Total Space | 629,27 Gb Free Space | 67,57% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MISSFRANCE
Current User Name: Famille Aubert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Famille Aubert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (SafeList) ==========

MOD - C:\Users\Famille Aubert\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sfr.fr/kit/adsl/ [binary data]
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 23:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 02:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 02:14:30 | 000,000,000 | ---D | M]

[2008/11/21 01:37:17 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Extensions
[2008/11/21 01:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/03/28 15:45:22 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions
[2009/09/01 15:41:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/20 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\mozilla\Firefox\Profiles\zd0mwzur.default\extensions\npfax@microgaming.co.uk
[2010/01/31 09:31:54 | 000,002,055 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Roaming\Mozilla\FireFox\Profiles\zd0mwzur.default\searchplugins\daemon-search.xml
[2010/03/28 15:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/03/26 02:14:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/27 10:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/08 11:21:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/09 08:53:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/03/26 02:14:06 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010/03/26 02:14:06 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/03/09 05:19:09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2010/03/26 02:14:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 14:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/02/16 18:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/02/16 18:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/02/16 18:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2010/03/18 13:19:20 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/18 13:19:20 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/18 13:19:20 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/03/18 13:19:20 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/09 22:03:41 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/03/18 13:19:20 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/26 02:14:09 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/03/27 02:02:22 | 000,380,983 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13125 more lines...
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [fontviewxp.exe] C:\Users\Famille Aubert\AppData\Local\Temp\fontviewxp.exe File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [User Protection] C:\Program Files\User Protection\usrprot.exe File not found
O4 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3442658532-1765674724-180545517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Users\Famille Aubert\All Users\programme\poker\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... dfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.1 0.0.0.0
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/14 09:13:26 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/08/20 21:55:06 | 000,000,070 | RH-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5466a3c7-be12-11dd-ad6a-001a928234af}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\WDEULA.exe -- [2007/08/20 22:10:40 | 001,695,580 | ---- | M] (Western Digital )
O33 - MountPoints2\{db8fc776-2d77-11de-97db-001a928234af}\Shell - "" = AutoRun
O33 - MountPoints2\{db8fc776-2d77-11de-97db-001a928234af}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db9d2065-b757-11dd-9da2-001a928234af}\Shell - "" = AutoRun
O33 - MountPoints2\{db9d2065-b757-11dd-9da2-001a928234af}\Shell\AutoRun\command - "" = G:\nba2k9setup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\WDEULA.exe -- [2007/08/20 22:10:40 | 001,695,580 | ---- | M] (Western Digital )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 16:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker
[2010/03/28 14:50:07 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Famille Aubert\Desktop\OTL.exe
[2010/03/27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\Malwarebytes
[2010/03/27 15:08:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/27 15:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/27 15:08:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/27 15:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/27 01:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/27 01:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/26 23:55:41 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/26 23:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\User Protection
[2010/03/17 01:01:44 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Documents\DVDVideoSoft
[2010/03/17 01:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/03/17 01:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/03/17 00:42:37 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\TuneUpMedia
[2010/03/17 00:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/03/17 00:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/03/17 00:40:57 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Local\Geckofx
[2010/03/17 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/03/17 00:40:25 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Local\OpenCandy
[2010/03/17 00:40:22 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\OpenCandy
[2010/03/16 20:43:09 | 000,024,206 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Roaming\UserTile.png
[2010/03/16 20:43:08 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\PeerNetworking
[2010/03/16 19:23:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/16 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\Absolute Poker
[2010/03/16 16:54:26 | 000,000,000 | ---D | C] -- C:\Poker Application
[2010/03/16 16:27:33 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Documents\PacificPoker
[2010/03/16 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\Start Menu
[2010/03/16 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
[2010/03/11 04:01:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 04:01:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/03/06 23:45:06 | 002,877,891 | -H-- | C] () -- C:\Users\Famille Aubert\AppData\Local\IconCache.db
[2009/02/01 22:11:03 | 000,001,727 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/21 11:29:26 | 000,022,328 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Roaming\PnkBstrK.sys
[2008/11/21 00:15:06 | 000,089,104 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/11/21 00:11:51 | 000,243,200 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 23:44:09 | 000,000,680 | ---- | C] () -- C:\Users\Famille Aubert\AppData\Local\d3d9caps.dat
[2007/11/19 12:31:00 | 003,686,400 | ---- | C] (Infor) -- C:\Program Files\IKEA Home Planner.exe
[2006/11/02 14:49:43 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 14:35:51 | 000,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 14:35:51 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 14:35:51 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:35:51 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 30 Days ==========

[2010/03/28 18:14:30 | 007,077,888 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT
[2010/03/28 17:49:10 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/28 17:17:11 | 001,478,524 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/28 17:17:11 | 000,672,084 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/28 17:17:11 | 000,588,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/28 17:17:11 | 000,124,228 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/28 17:17:11 | 000,100,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/28 17:09:25 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/28 17:09:23 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 17:09:23 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 17:09:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/28 17:09:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/28 17:09:13 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/28 17:07:53 | 000,524,288 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 17:07:53 | 000,065,536 | -HS- | M] () -- C:\Users\Famille Aubert\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/03/28 17:06:55 | 002,877,891 | -H-- | M] () -- C:\Users\Famille Aubert\AppData\Local\IconCache.db
[2010/03/28 16:54:42 | 000,000,569 | ---- | M] () -- C:\Windows\win.ini
[2010/03/28 16:54:41 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\Everest Poker.lnk
[2010/03/28 14:50:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Famille Aubert\Desktop\OTL.exe
[2010/03/28 14:19:26 | 058,110,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\troj000.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\spam003.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | M] () -- C:\Users\Public\Desktop\spam001.exe
[2010/03/27 15:08:53 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/27 02:02:22 | 000,380,983 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/27 01:47:14 | 000,000,919 | ---- | M] () -- C:\Windows\wininit.ini
[2010/03/27 01:02:27 | 000,001,055 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/27 00:49:15 | 000,002,620 | ---- | M] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/25 19:41:55 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/20 01:46:49 | 000,243,200 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 01:01:44 | 000,001,032 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/17 00:42:43 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/03/16 20:43:09 | 000,024,206 | ---- | M] () -- C:\Users\Famille Aubert\AppData\Roaming\UserTile.png
[2010/03/16 20:08:28 | 204,361,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/16 16:27:29 | 000,001,846 | ---- | M] () -- C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
[2010/03/15 20:37:02 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini

========== Files Created - No Company Name ==========

[2010/03/28 16:54:41 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\Everest Poker.lnk
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\troj000.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\spam003.exe
[2010/03/27 15:13:06 | 000,021,504 | ---- | C] () -- C:\Users\Public\Desktop\spam001.exe
[2010/03/27 15:08:53 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/27 01:46:53 | 000,000,919 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/27 01:02:27 | 000,001,055 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/26 23:55:41 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/17 01:01:44 | 000,001,032 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/17 00:42:43 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/03/16 16:27:29 | 000,001,846 | ---- | C] () -- C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
[2008/11/21 11:29:26 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/11/21 11:09:25 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/21 01:04:02 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/20 23:56:15 | 000,000,907 | R--- | C] () -- C:\Windows\System32\AsusSetup.ini
[2008/11/20 23:56:15 | 000,000,263 | R--- | C] () -- C:\Windows\System32\raidmgmt.ini
[2008/11/20 23:56:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/11/20 23:55:59 | 000,012,230 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/01/21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2008/12/12 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\2K Sports
[2010/03/16 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Absolute Poker
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools Lite
[2008/12/12 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\DAEMON Tools Pro
[2009/07/12 22:42:51 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Image Zone Express
[2009/02/18 09:30:49 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Kingston
[2010/03/15 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Microgaming
[2010/03/17 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\OpenCandy
[2008/11/29 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Opera
[2010/03/16 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
[2010/03/16 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\PeerNetworking
[2009/03/31 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\Printer Info Cache
[2010/03/25 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\TeraCopy
[2010/03/25 22:46:37 | 000,000,000 | ---D | M] -- C:\Users\Famille Aubert\AppData\Roaming\TuneUpMedia
[2010/03/28 17:07:31 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2006/12/22 14:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) MD5=7D58CA2B284B41351F5176EACA1173C6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 14:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 04:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 04:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

< MD5 for: [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (MICROSOFT CORPORATION) >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: [2006/11/02 11:49:36 | 000,019,048 | ---- | M] (MICROSOFT CORPORATION) >
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (MICROSOFT CORPORATION) >
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA CORPORATION) >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (INTEL CORPORATION) >
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: [2006/12/22 14:07:04 | 000,122,880 | ---- | M] (NVIDIA CORPORATION) >
[2006/12/22 14:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvrd32.sys

< MD5 for: [2006/12/22 14:07:10 | 000,093,696 | ---- | M] (NVIDIA CORPORATION) >
[2006/12/22 14:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0dae490e\nvstor32.sys

< MD5 for: [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA CORPORATION) >
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

< MD5 for: [2008/01/21 04:21:09 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: [2008/01/21 04:21:09 | 000,056,376 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

< MD5 for: [2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA CORPORATION) >
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: [2008/01/21 04:21:31 | 000,235,064 | ---- | M] (INTEL CORPORATION) >
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

< MD5 for: [2008/01/21 04:22:13 | 000,592,384 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: [2008/01/21 04:22:59 | 000,177,152 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2008/01/21 04:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 04:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 04:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

[jeanmimigab]

hello,

ça c'est infectieux !

c:\tempjunk1871.tmp=C:\Program Files\User Protection\usrhook.dll_old

supprime cette ligne du fichier wininit.ini >> clique sur "fichier" >> "enregistrer" >> et ferme le...

si tu as un message d'erreur qui apparait, dit le moi.

ensuite...

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Custom scan/fixes"

:files
C:\Users\Public\Desktop\troj000.exe
C:\Users\Public\Desktop\spam003.exe
C:\Users\Public\Desktop\spam001.exe
C:\Users\Famille Aubert\troj000.exe
C:\Users\Famille Aubert\spam003.exe
C:\Users\Famille Aubert\spam001.exe
C:\ProgramData\fiosejgfse.dll
C:\Program Files\User Protection
C:\Users\Famille Aubert\AppData\Local\OpenCandy
C:\Users\Famille Aubert\AppData\Roaming\OpenCandy

:OTL
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Users\Famille Aubert\All Users\programme\poker\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe ()
:Commands
[emptytemp]
[EMPTYFLASH]

* Cliques sur l'icône "Run Fix" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++

[jolindien]

ok merci !!
par contre pour le scan OTL je n'ai pas coché les cases "Scan all user , LOP check et purity check " comme les première fois

voilà ce que me donne le scan OTL

========== FILES ==========
C:\Users\Public\Desktop\troj000.exe moved successfully.
C:\Users\Public\Desktop\spam003.exe moved successfully.
C:\Users\Public\Desktop\spam001.exe moved successfully.
File\Folder C:\Users\Famille Aubert\troj000.exe not found.
File\Folder C:\Users\Famille Aubert\spam003.exe not found.
File\Folder C:\Users\Famille Aubert\spam001.exe not found.
C:\ProgramData\fiosejgfse.dll moved successfully.
C:\Program Files\User Protection folder moved successfully.
C:\Users\Famille Aubert\AppData\Local\OpenCandy folder moved successfully.
C:\Users\Famille Aubert\AppData\Roaming\OpenCandy folder moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
C:\Users\Famille Aubert\All Users\programme\poker\PokerStarsUpdate.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\ not found.
C:\Poker\Noble Poker\casino.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\ not found.
File C:\Poker\Noble Poker\casino.exe not found.

OTL by OldTimer - Version 3.1.37.3 log created on 03282010_193048

[jeanmimigab]

hello,

c'est pas mal, fait cela stp...

Télécharge >>> AD-Remover <<< ( de C_XX ) sur ton bureau.

- Double-clique sur le raccourcie pour lancer le tool.

- Pour Vista /Seven faire un cliques droit sur l'icône et choisir "Exécuter en tant qu'administrateur"

- Cliques sur "Nettoyer".

- Ensuite laisse le scan s'effectuer tranquillement sans te servir du PC

- Poste le rapport.txt qui s'ouvre.

au cas ou,le rapport est sauvegarder ici
C:\AD-Report-scan+"date"

ensuite dit moi si tu as toujours c'est fameux raccourcis qui apparaissent

[jolindien]

Je viens de redémarrer mon PC ....Les raccourcis bizarre sur mon bureau ont disparus !!!!!!!
Merci beaucoup !!!!!
je continue la manip que tu m'as indiqué et je te post ce que je trouve

[jolindien]

Voilà j'ai nettoyé avec le logiciel AD-remover je n'ai plus les raccourcis bizarres et d'autres qui ont disparus aussi
voici le rapport

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 27/03/10 à 10:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:14:43 le 28/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows Vista™ Ultimate Service Pack 1 - X86
Nom du PC: MISSFRANCE | Utilisateur actuel: Famille Aubert (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Poker\Poker 770
C:\Program Files\Everest Poker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PartyPoker.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pacific Poker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
C:\Programs\PartyGaming
C:\Users\Famille Aubert\AppData\Local\PokerStars
C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Pacific Poker.lnk
C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pacific Poker
C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PartyPoker
C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
C:\Users\Famille Aubert\AppData\Roaming\PacificPoker
C:\Users\Famille Aubert\Desktop\Pacific Poker.lnk
C:\Users\Famille Aubert\Desktop\PartyPoker.lnk
C:\Users\Famille Aubert\Documents\PacificPoker
C:\Users\Public\Desktop\Everest Poker.lnk
C:\Users\Public\Desktop\Poker 770.lnk

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Grand Virtual
HKCU\Software\pacificpoker
HKCU\Software\PartyGaming
HKCU\Software\Poker 770
HKCU\Software\pokerinstaller
HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pacific Poker
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770
HKLM\Software\Poker 770
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\ARA.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\browser.jar
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\browser.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\classic.jar
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\classic.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\comm.jar
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\comm.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\en-US.jar
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\en-US.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\pippki.jar
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\pippki.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\toolkit.jar
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\chrome\toolkit.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\browsercompsbase.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\caps.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\caps.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\chardet.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\chrome.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\chrome.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\composer.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\composer.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\content_base.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\content_html.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\content_htmldoc.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\content_xmldoc.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\content_xslt.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\content_xtf.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\docshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\docshell_base.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_base.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_canvas.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_core.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_css.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_events.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_html.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_loadsave.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_range.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_sidebar.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_storage.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_stylesheets.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_traversal.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_views.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_xbl.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_xpath.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\dom_xul.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\editor.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\editor.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\embed_base.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\embedcomponents.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\exthandler.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\gfx.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\gkgfxwin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\gklayout.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\gkparser.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\gkplugin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\gkwidget.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\history.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\htmlparser.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\i18n.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\imgicon.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\imgicon.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\imglib2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\imglib2.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\inspector.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\intl.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\intlcmpt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\intlcmpt.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\jar.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\jar50.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\layout_base.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\layout_printing.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\layout_xul.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\layout_xul_tree.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\locale.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\lwbrk.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\mimetype.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\mork.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\mozbrwsr.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\mozfind.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\mozfind.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_about.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_cache.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_cookie.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_data.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_dns.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_file.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_ftp.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_http.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_res.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_socket.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_strconv.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko_viewsource.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\necko2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\oji.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\passwordmgr.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pipboot.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pipboot.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pipnss.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pipnss.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pippki.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pippki.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\plugin.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\pref.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\prefetch.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\profile.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\rdf.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\rdf.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\txmgr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\txmgr.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\txtsvc.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\uconv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\uconv.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\ucvmath.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\unicharutil.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\update.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\uriloader.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\urlformatter.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\webBrowser_core.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\webbrowserpersist.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\webbrwsr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\webshell_idls.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\widget.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\windowds.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\windowwatcher.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpc3250.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_base.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_compat_c.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_components.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_ds.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_io.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_obsolete.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_thread.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpcom_xpti.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xpconnect.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xppref32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xulapp.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xuldoc.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\components\xultmpl.xpt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\defaults\pref\PG_Pref.js
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\dependentlibs.list
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\DID.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\DM.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\freebl3.chk
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\freebl3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\gkgfx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\greprefs\all.js
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\greprefs\security-prefs.js
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\habeas_webseal.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_1.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_10.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_11.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_12.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_13.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_14.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_15.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_16.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_17.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_18.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_19.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_2.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_20.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_21.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_22.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_23.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_24.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_3.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_4.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_5.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_6.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_7.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_8.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\images\PlayerImage_9.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\js3250.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\Language\en_US\lang_pack_en_US.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\libeay32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\llh.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\MFC42LU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\mozz.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\MSLUP60.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\MSLURT.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\nspr4.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\nss3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\nssckbi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\format.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\GRA.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\allLangVersion.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\en_US\lang_pack_en_US.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\en_US\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\account_but_newacocunt.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\allversion.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\BB-Numbers-comma.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\BB-Numbers-dot.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\bonus-icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\bottom-banners-left-buttons.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\bottom-banners-right-buttons.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but_account.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but_fullscreen.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but_skin.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but_skin.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but_skin_account.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\but_skin_sliver.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_bottom.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_bottom_right.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_bottom_seperator.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_gradient.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_top.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_top_header.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\client_top_left.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Common_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Common_background_minimised.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Common_buttons_380x23.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Common_CloseContainer_black.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Common_CloseContainer_white.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\create_account.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\currencyswitch_down.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\currencyswitch_up.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\down_arrow.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\down_arrow_o.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\clicksound.mp3
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\Common_tabInActive1.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\en_US.zip
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\evolutionscreen.swf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\flex_skins.swf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\fr_FR.zip
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\main_screen.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\main_screen_ext.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\mpbj_game_screen.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\mpbj_game_screen_exp.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\MPBJFC.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\open_game_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\product_assets.swf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\tab_game_info.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\tab_level_info.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\tab_players.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\tab_Trny_info.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\table_title_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\table_title_background_sel.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\VCCasino.swf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\VCMainApp.swf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\flashlobby\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\addplaymoney_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\aud.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\autospincancel_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\autospinoptions_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\autospinstart_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\balance_strip.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_botbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_cancelbutton.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_cashierbutton.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_midbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_newbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_okbutton.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_playnow_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\buyin_topbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\BuyInConfig.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\cad.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\cashier_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\cashout_midbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\cent_strip.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\chf.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\chips.wav
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\czk.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\deck_images.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\dkk.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\eur.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\exit_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\format.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\frame.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\frame_payoff.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\frame_rules.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\game_topbar_pff.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\gamelogs_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\gbp.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\hkd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\huf.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\ils.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\inr.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jackpotwin_bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jackpotwin_bg_others.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jp_congrats_anim.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jp_others_congrats.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jp_others_header.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jp_win_close.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\jpy.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\krw.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\myr.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\nok.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\nzd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\php.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\pln.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\popup_but_cancel.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\popup_but_cashier.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\popup_but_ok.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\popup_buyin_but_all.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\popup_buyin_tab.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\PushBut.wav
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\qd_cashier_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\qd_exit_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\qd_gamelogs_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\qd_version_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\quickdeposit_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\ron.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\rur.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\sek.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\sgd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\skk.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\slot_bonus_frame.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\slot_frame.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\status_dlg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\sys_icons.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\system_but_close.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\system_but_inactive_close.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\system_but_inactive_minimise.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\system_but_minimise.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\table_logo.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\thb.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\trny_buyin_botbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\try.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\twd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\usd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\version_button.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\win.wav
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\WLConfig.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\games\zar.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\icon_three.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\icon_ticked.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\JP_BJ_Background.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\left_bottom.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\level_icons_bronze.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\level_icons_gold.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\level_icons_pal.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\level_icons_pal_eilte.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\level_icons_silver.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_account.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_account_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_account_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_account_divider.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_ani_refresh.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_background.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_badbeat_jackpot.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_bar_jackpot_numbers.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_bar_jackpot_numbers.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_bar_jackpot_numbers_small.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_bar_jackpot_numbers_small.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_bar_news.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_cashout.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_deposit.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_deposit_large.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_options.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_redeem.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_refresh.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_reload_play.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_but_status.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_cashier.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_cashier_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_casino.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_casino_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_collapse.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_details_open.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_expand.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_gammon.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_gammon_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_link_arrow.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_menu_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_poker.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_poker_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_preferences.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_preferences_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_separator.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_separator_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_separator_collapse.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_store.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_store_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_sub_nav.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_support.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_support_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lhn_tab_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\LHN-sub-menu.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\loading.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lobby_but.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\lobby_skin.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\LobbyClock.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Mainarea-Collapse-button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Mainarea-Expand-button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Main-area-top-bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-collapse-close-buttons.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-collapse-open-buttons.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-deposit-buttons.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-minimised-bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-refresh-icon.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-slider-bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\MAT-slider-green.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\Message-icon.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\new-mail-icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\no-mail-icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\PartyCasino.ico
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\password_status_help.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\password_status_strength.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\pokerLobby_bonusBack.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\pokerLobby_depositButtonLarge.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\pokerLobby_leftHandIconPoker.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\popup_login_bottom.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\popup_login_top.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\popup_register_bottomleft.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\popup_register_top.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\sign_up.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\skin.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\skin_account.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\spacer.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\splash_screen_bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\star_icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_bets.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_bets_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_bingo.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_bingo_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_casino.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_casino_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_casino-27.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_connected.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_connected_good.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_connected_poor.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_disconnected.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_gammon.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_gammon_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_poker.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_poker_collapse.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_security.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\system_but_security.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\ticker_bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\up_arrow.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\up_arrow_o.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\vip.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\images\vip_elite.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\lang_pack_fr_FR.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\fr_FR\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\language\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\lobby.xml
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\lobbyconfig.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\PartyCasino.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\sys.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\programs\partygaming\PartyCasino\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\PartyGaming.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\PGImageDll.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\plc4.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\plds4.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\plugins\npnul32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\res\forms.css
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\res\html.css
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\res\mathml.css
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\res\quirk.css
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\res\ua.css
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\smime3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\softokn3.chk
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\softokn3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\ssl3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\ssleay32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\ArticleManager.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\CleanUp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\CleanUp.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\defaults\pref\PG_Pref.js
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\DID.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\images\habeas_webseal.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\libeay32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\llh.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\PartyGaming.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\PGBrowser.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\PGDetector.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\PGImageDll.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\programs\partygaming\tmpUpgrade\..\ssleay32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\UNICOWS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\xpcom.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\xpcom_compat.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\xpcom_core.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Programs\PartyGaming\zlib1.dll
.
(Orpheline) HKLM,Run - RtHDVCpl - RtHDVCpl.exe
(Orpheline) HKLM,Run - WD Button Manager - WDBtnMgr.exe
Orpheline BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.2pre (fr) *
.
C:\Users\Famille Aubert\..\zd0mwzur.default\prefs.js - browser.download.dir: C:\\Users\\Famille Aubert\\Downloads
C:\Users\Famille Aubert\..\zd0mwzur.default\prefs.js - browser.download.lastDir: C:\\Users\\Famille Aubert\\Pictures
C:\Users\Famille Aubert\..\zd0mwzur.default\prefs.js - browser.startup.homepage: hxxp://fr.start3.mozilla.com/firefox?cl ... r:official
C:\Users\Famille Aubert\..\zd0mwzur.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.2
C:\Users\Famille Aubert\..\zd0mwzur.default\prefs.js - keyword.URL: hxxp://redirecterror.sfr.fr/?q=
C:\Users\Famille Aubert\..\zd0mwzur.default\user.js - keyword.URL: hxxp://redirecterror.sfr.fr/?q=
.
.
* Internet Explorer Version 8.0.6001.18882 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Users\FAMILL~1\AppData\Local\Temp: 3 Fichier(s), 191 Dossier(s)
C:\Windows\temp: 0 Fichier(s), 316 Dossier(s)
C:\Users\Famille Aubert\AppData\Roaming\Microsoft\Windows\Cookies: 2 Fichier(s), 2 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 19 Dossier(s)
.
C:\Ad-Remover\Quarantine: 15195 Fichier(s)
C:\Ad-Remover\Backup: 15 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 64277 Octet(s)
.
Fin à: 20:21:29, 28/03/2010
.
============== E.O.F - CLEAN[1] ==============

[jeanmimigab]

he ben , rien que ça

tu auras compris que les noms des logiciel apparaissant dans le rapport sont infectieux (Everest Poker\PartyPoker\Pacific Poker\PokerStars etc;...) ne doivent pas être réinstallés...

desinstalle malwarebytes de ton pc...>> redémarre ton pc et télécharge une nouvelle version de Malwarebytes

installe la et fait un scan rapide pour me poster le rapport, cette fois il devrait fonctionné