Virus personal pro shield

Résolu/Fermé
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 - 24 sept. 2011 à 11:22
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 - 25 sept. 2011 à 15:23
Bonjour, j ai suivi les 3 etapes afin de supprimer le virus a savoir rogue killer ensuite malawares bytes et enfin combofix maintenant je ne sais pas quoi faire du rapport de combofix merci de votre aide .



A voir également:

24 réponses

kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
24 sept. 2011 à 11:35
Bonjour et Bienvenue sur CCM

Nous allons utiliser cet outil de diagnostic afin d'identifier les problèmes de ton ordinateur.

Télécharge OTL (de OldTimer) sur ton Bureau.

Ferme toutes tes applications en cours

● Lance OTL.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● L'interface principale s'ouvre :
● Dans la section Rapport en haut à droite de la fenêtre, coche Rapport minimal
● Coche la case également Tous les utilisateurs
Laisse tous les autres paramètres par défaut
● Dans la partie du bas "Personnalisation", copie/colle la liste en citation :

netsvcs 
/md5start
volsnap.*
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
/md5stop
%temp%\*.exe /s 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%ALLUSERSPROFILE%\Application Data\*.
%APPDATA%\*.exe /s 
%APPDATA%\*.
%SYSTEMDRIVE%\*.exe 
%systemroot%\*. /mp /s 
%systemroot%\system32\*.dll /lockedfiles 
%systemroot%\Tasks\*.job /lockedfiles 
%systemroot%\system32\drivers\*.sys /lockedfiles 
%systemroot%\assembly\tmp\*.* /s 
hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s 
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
SAVEMBR:0 
CREATERESTOREPOINT 

● Clique sur le bouton Analyse rapide, patiente pendant le balayage du système.
● 2 rapports vont s'ouvrir au format bloc-note :
OTL.txt (qui sera affiché) ainsi que Extras.txt (réduit dans la barre des tâches)
Ne les poste pas sur le forum, ils seraient trop long
● Héberge les sur un des sites suivants :
https://www.cjoint.com/
http://www.cijoint.fr/
http://pjjoint.malekal.com/
https://textup.fr/
● Tu obtiendras 2 liens que tu me donneras dans ton prochain message.

2. Héberge également les rapport de MBAM et ComboFix (ne relance pas les outils) et donne moi les 2 liens afin que je puisse les consulter.


A +
1
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
24 sept. 2011 à 17:50
# AdwCleaner v1.307 - Rapport créé le 24/09/2011 à 17:50:10
# Mis à jour le 19/09/11 à 09h par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : loran - LORAN-F29DDDC51 (Administrateur)
# Exécuté depuis : C:\Documents and Settings\loran\Bureau\adwcleaner0.exe
# Option [Recherche]


***** [Processus] *****

Présent : [PID:1856] SearchSettings.exe

***** [Services] *****


***** [Fichiers / Dossiers] *****

Fichier Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navigateur OfferBox.lnk

***** [Registre] *****

Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.DllInfo
Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDF
Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor
Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFLine
Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFText
Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.Tools
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v14.0.835.186

Fichier : C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [1589 octets] - [24/09/2011 17:50:10]

########## EOF - C:\AdwCleaner[R1].txt - [1717 octets] ##########

Voici le rapport awd j ai installé avast comme antivirus . merci
1
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
24 sept. 2011 à 19:38
re, j ai fais adw et otl mais otl bug en disant qu'il ne trouvait j ai aissé tourné une demi heure et rien j ai donc eteins le pc y a til une case a cocher comme la premiere fois avec tous les utilisateurs merci pour votre disponibilité
1
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
24 sept. 2011 à 20:02
http://www.cijoint.fr/cjlink.php?file=cj201109/cijW87zl0D.txt
https://pjjoint.malekal.com/files.php?id=g12t15v6e8n12s11y8k6e10s8y6p15g8w6c11k5r14m5r5j13

Voici les liens , mon pc se comporte mieux il rame moins .merci par contre j ai souvent un clic comme lors d un message windows alors que rien ne s affiche ?
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
Modifié par kalimusic le 24/09/2011 à 21:33
Bonsoir,

Effectue un scan en ligne en suivant ce tutoriel :
http://www.bibou0007.com/t3691-tutorial-eset-online-scanner
note : attention, ce scan est généralement assez long à réaliser

N'oublie pas de sauvegarder le rapport pour le transmettre.

As tu le CD de XP si besoin ?

A +
«La raison et la logique ne peuvent rien contre l'entêtement et la sottise.»
1
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
25 sept. 2011 à 11:11
Bonjour , j ai essaye 3 fois les 2 premières il me trouvait une dizaine de fichiers infectes mais a la fin du scan mon pc bloquait et la dernière ce matin il me trouve rien et débloque mon pc en fin de scan merci
1
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
25 sept. 2011 à 11:19
Bonjour,

Tu n'as pas le rapport ?

Tu as moins de 1 Go de RAM et je pense que ta machine n'est pas récente, la lenteur relative s'explique aussi par ce facteur.


A +
1
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
25 sept. 2011 à 13:52
OTL n'a rien trouvé dans la quarantaine de ESET.
On termine :

1. Lance OTL
● Dans la partie du bas "Personnalisation", copie/colle:

:commands
[clearallrestorepoints]

● Clique sur le bouton Correction.

2. Relance OTL en tant qu'administrateur
● Clique sur le bouton Purge outils
● Clique ensuite sur OK dans la boite de dialogue qui t'invite à redémarrer le système.

3. Relance DelFix
● Clique sur le bouton Suppression.
● Puis Désinstallation.

4. Désinstalle les versions obsolètes de
Java(TM) 6 Update 22 et de FlashPlayer 9

5. Mises à jour de logiciels pouvant présenter des failles de sécurité.

● Télécharge et installe JRE 6 Update 27

● Télécharge et installe Adobe Flash Player 10.3.183.10

!! l'installation de Google Chrome est facultative pour les logiciels Adobe !!

6. Si tu as le CD de XP, Vérification des fichiers système :
Windows + R, tu tapes sfc /scannow
aide : Comment réparer Windows - Commande SFC /scannow

== == == == == == == == == == == == == == == == == == == == == ==

les choses simples qui font la différence :

Maintenir Windows à jour

Maintenir les logiciels à jour avec Secunia OSI (merci australien)
Ou en utilisant leur logiciel Secunia Personal Software Inspector
Ou celui-ci : Update Checker

Ne pas surfer en droits administrateurs

Ne pas installer n'importe quel logiciel sur son PC (surtout via des liens publicitaires), toujours se renseigner avant. Les télécharger dans la mesure du possible sur le site de l'éditeur. Éviter d'installer les diverses barres d'outils ou de recherches, etc....proposées lors de l'installation.

Bannir les sites à risques (pornographiques, etc...) et les comportements à risques (P2P, cracks, warez....)

Ne pas cliquer aveuglement sur des liens contenus dans les e-mails, les messageries instantanées, les réseaux sociaux, etc ...même si l'expéditeur est connu et à plus forte raison s'il est inconnu ou suspect.

Utiliser un navigateur alternatif et le sécuriser (par exemple Firefox avec des modules complémentaires comme AdBlock, Noscript, WOT, etc...)

== == == == == == == == == == == == == == == == == == == == == ==

La sécurité de son PC, c'est quoi ? (par Malekal)

== == == == == == == == == == == == == == == == == == == == == ==

Bonne continuation
1
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
25 sept. 2011 à 15:23
Ok merci pour votre aide ainsi que votre disponibilité ! Je pnse que je vais acheter de la ram pour que mon pc reponde un peu plus vite merci bonne journée .
1
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
24 sept. 2011 à 11:34
Bonjour

Il faut éviter de se servir de certains outils sans connaissances, tel que Combofix.

@+
0
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
24 sept. 2011 à 12:16
http://www.cijoint.fr/cjlink.php?file=cj201109/cijWuzH5vk.txt
http://www.cijoint.fr/cjlink.php?file=cj201109/cijJLEZJ0q.txt
http://www.cijoint.fr/cjlink.php?file=cj201109/cijlogoZjv.txt
http://www.cijoint.fr/cjlink.php?file=cj201109/cijYPTEm59.txt

Merci beaucoup pour votre aide et votre réactivité !
0
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
24 sept. 2011 à 13:29
loran76974,

Pour l'instant le site cijoint.fr mouline un peu, dés que j'ai accès au rapport, je reviens vers toi.

A +
0
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
24 sept. 2011 à 13:42
Ok pas de soucis merci encore
0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
Modifié par ^^Marie^^ le 24/09/2011 à 13:57
Pour avancer °°))

ComboFix 11-09-21.01 - loran 21/09/2011 12:33:26.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.895.531 [GMT 2:00]
Lancé depuis: c:\documents and settings\loran\Mes documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\pA21703HdNdI21703
c:\documents and settings\All Users\Application Data\pA21703HdNdI21703\pA21703HdNdI21703
c:\documents and settings\All Users\Application Data\pA21703HdNdI21703\pA21703HdNdI21703.exe
c:\documents and settings\loran\Application Data\OfferBox
c:\documents and settings\loran\Application Data\OfferBox\config.dat
c:\documents and settings\loran\Application Data\OfferBox\config.xml
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-21 au 2011-09-21 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-19 09:07 . 2011-09-19 09:07 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-08-28 20:27 . 2011-08-28 20:27 -------- d-----w- c:\windows\ShellNew
2011-08-28 20:27 . 2011-08-28 20:27 -------- d-----w- c:\program files\AutoHotkey
2011-08-26 20:27 . 2011-08-26 20:27 -------- d-----w- c:\program files\Winamax Poker
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-10-11 16:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"SearchSettings"="c:\program files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Orange\\Browser\\Browser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
"8051:TCP"= 8051:TCP:BitComet 8051 TCP
"8051:UDP"= 8051:UDP:BitComet 8051 UDP
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [24/06/2011 17:30 393112]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/10/2010 19:33 1684736]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - RSVP
.
Contenu du dossier 'Tâches planifiées'
.
2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-688789844-1801674531-1004Core.job
- c:\documents and settings\loran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 05:01]
.
2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-688789844-1801674531-1004UA.job
- c:\documents and settings\loran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 05:01]
.
.
------- Examen supplémentaire -------
.
IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\program files\PartyFrance\PartyPokerFr\RunApp.exe
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://www.bobtv.fr/download/v2/cfweb_www.bobtv.fr-download-v2_instmodule.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Heure de fin: 2011-09-21 12:48:55
ComboFix-quarantined-files.txt 2011-09-21 10:48
.
Avant-CF: 76 295 856 128 octets libres
Après-CF: 77 093 658 624 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
-End Of File CF52382C7F062AE91A47A06E3E20667D





--
Je suis entrée dans CCM, La cigarette dans une main,
Les © Tongs © dans l'autre main
Les ***** nus sous la chemise
Salut Top ... Ne sois pas trop loin
0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
24 sept. 2011 à 13:56
www.malwarebytes.org

Version de la base de données: 4801

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/09/2011 13:10:22
mbam-log-2011-09-19 (13-10-22).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 214051
Temps écoulé: 1 heure(s), 18 minute(s), 41 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D88EE1-2820-4718-8EB6-15E6E626EADB}\RP254\A0017165.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D88EE1-2820-4718-8EB6-15E6E626EADB}\RP254\A0017166.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\loran\Local Settings\Temp\0.28069845845435726.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
24 sept. 2011 à 13:58
OTL logfile created on: 24/09/2011 11:51:58 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\loran\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,22 Mb Total Physical Memory | 420,62 Mb Available Physical Memory | 46,99% Memory free
2,12 Gb Paging File | 1,63 Gb Available in Paging File | 76,97% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 71,41 Gb Free Space | 73,12% Space Free | Partition Type: NTFS
Drive H: | 368,10 Gb Total Space | 179,49 Gb Free Space | 48,76% Space Free | Partition Type: NTFS
Drive I: | 297,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LORAN-F29DDDC51 | User Name: loran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\loran\Bureau\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)
PRC - C:\Program Files\Orange\Launcher\Launcher.exe (France Telecom SA)
PRC - C:\Program Files\Orange\Deskboard\Deskboard.exe ()
PRC - C:\Program Files\Orange\Connectivity\ConnectivityManager.exe (France Telecom SA)
PRC - C:\Program Files\Orange\Connectivity\corecom\OraConfigRecover.exe (France Telecom SA)
PRC - C:\Program Files\Orange\Connectivity\corecom\CoreCom.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (France Telecom SA)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll ()
MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\Locales\fr.dll ()
MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\avutil-51.dll ()
MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\avformat-53.dll ()
MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\avcodec-53.dll ()
MOD - C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.3600.135_0\OfferboxChromePlugin.dll ()
MOD - C:\WINDOWS\system32\custmon32.dll ()
MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Orange\Launcher\Plugins\PluginLnhRecovery.dll ()
MOD - C:\Program Files\Orange\Deskboard\PluginSrvHeader.dll ()
MOD - C:\Program Files\Orange\Deskboard\PluginSrvWooSettings.dll ()
MOD - C:\Program Files\Orange\Deskboard\PluginSearch.dll ()
MOD - C:\Program Files\Orange\Deskboard\Deskboard.exe ()
MOD - C:\Program Files\Orange\Launcher\Plugins\PluginLnhPromptManager2.dll ()
MOD - C:\Program Files\Orange\Launcher\WatchClient.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - (Norton Internet Security) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\loran\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\loran\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com


[color=#E56717]========== Chrome ==========/color

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: OfferboxChromePlugin Dynamic Link Library (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.3600.135_0\OfferboxChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Offerbox = C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.3600.135_0\

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SystrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)
O4 - HKU\S-1-5-21-2000478354-688789844-1801674531-1004..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2000478354-688789844-1801674531-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-688789844-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe ()
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2000478354-688789844-1801674531-1004\..Trusted Domains: orange.fr ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Détection de dispositifs)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} https://www.bobtv.fr/download/v2/cfweb_www.bobtv.fr-download-v2_instmodule.exe (AXCamfrogWebCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{427753F4-2622-4CE5-89EC-5815E39E9229}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\loran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\loran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/11 18:51:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/25 13:44:37 | 000,000,051 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2011/09/24 11:41:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/24 10:23:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/21 12:31:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/21 12:26:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/21 12:26:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/21 12:26:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/21 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/21 12:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/21 12:19:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/21 12:19:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\loran\Menu Démarrer\Programmes\Outils d'administration
[2011/09/21 08:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/09/19 11:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\loran\Bureau\RK_Quarantine
[2011/09/19 10:53:40 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\loran\Bureau\OTL.com
[2011/09/19 10:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/19 09:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/19 09:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/01 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\loran\Mes documents\Nouveau dossier
[2011/08/30 12:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\loran\Bureau\SNG Pokerstars
[2011/08/28 22:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AutoHotkey
[2011/08/28 22:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/08/28 22:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/08/26 22:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2011/09/24 11:53:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/09/24 11:48:32 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/24 11:48:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/24 11:35:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/24 11:31:05 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-688789844-1801674531-1004UA.job
[2011/09/24 10:24:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2011/09/24 09:53:55 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/23 16:31:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-688789844-1801674531-1004Core.job
[2011/09/21 12:31:27 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2011/09/21 07:33:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\loran\Bureau\Google Chrome.lnk
[2011/09/21 07:33:23 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/19 10:53:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\loran\Bureau\OTL.com
[2011/09/19 10:26:02 | 003,602,705 | ---- | M] () -- C:\Documents and Settings\loran\Bureau\Pre_scan.pif.exe
[2011/09/19 10:20:33 | 000,570,368 | ---- | M] () -- C:\Documents and Settings\loran\Bureau\winlogon.pif.exe
[2011/09/17 18:05:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/15 23:00:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/26 22:27:20 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Winamax Poker.lnk
[2011/08/25 14:35:23 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\loran\Bureau\SharkScope HUD.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========/color

[2011/09/24 11:53:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/09/22 09:27:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/21 12:31:27 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2011/09/21 12:31:23 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/09/21 12:26:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/21 12:26:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/21 12:26:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/21 12:26:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/21 12:26:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/19 10:26:01 | 003,602,705 | ---- | C] () -- C:\Documents and Settings\loran\Bureau\Pre_scan.pif.exe
[2011/09/19 10:20:33 | 000,570,368 | ---- | C] () -- C:\Documents and Settings\loran\Bureau\winlogon.pif.exe
[2011/04/25 10:58:02 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\GestPoker.db3
[2011/04/01 19:38:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/01 19:29:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2011/02/26 19:34:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/01/19 19:23:30 | 000,135,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/19 11:59:37 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2010/11/15 04:02:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/05 15:00:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/11/05 14:58:22 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/10/17 08:44:55 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/10/17 08:44:53 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2010/10/17 08:44:53 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/13 23:52:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/13 23:52:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/13 23:52:25 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/13 23:52:25 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/13 23:52:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/13 23:47:44 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\loran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 05:40:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010/10/11 20:40:21 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/11 20:39:06 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/11 19:38:48 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/10/11 19:26:46 | 000,026,802 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/10/11 19:26:16 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/10/11 19:26:08 | 000,021,982 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/10/11 19:26:08 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/10/11 18:53:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/11 18:48:28 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/14 02:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/14 02:03:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/14 02:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/14 02:03:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/14 02:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/14 02:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/14 02:03:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/14 02:03:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/04/14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 14:00:00 | 000,500,454 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/04/14 14:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/04/14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 14:00:00 | 000,080,508 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/04/14 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/04/14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========/color

[2011/01/19 11:59:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/19 11:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/14 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/13 03:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2011/04/29 14:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/03 12:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\BitComet
[2011/08/08 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Camfrog
[2011/05/08 22:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Camfrog Web
[2011/05/15 16:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
[2011/06/29 12:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\HEM Data
[2011/08/06 07:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Microgaming
[2010/12/26 21:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Partouche
[2011/08/06 07:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Partouche Poker
[2011/04/28 01:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\pdfforge
[2010/11/05 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Samsung
[2011/07/28 19:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Search Settings
[2010/10/13 06:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1

[color=#E56717]========== Purity Check ==========/color



[color=#E56717]========== Custom Scans ==========/color



[color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
[2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >/color
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >/color
[2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.INF >/color
[2008/04/14 14:00:00 | 000,002,246 | ---- | M] () MD5=F17CBADDC17090C568384B6D67749FAD -- C:\WINDOWS\inf\volsnap.inf

[color=#A23BEC]< MD5 for: VOLSNAP.PNF >/color
[2011/01/19 11:31:45 | 000,005,028 | ---- | M] () MD5=E28C4EC2B0D3B2CFD4D34E6C6F97AD46 -- C:\WINDOWS\inf\volsnap.PNF

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >/color
[2008/04/14 14:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 14:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >/color
[2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %temp%\*.exe /s >/color

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >/color
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2011/06/11 18:06:19 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.3.1.55\SetupAdmin.exe

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >/color
[2010/11/02 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/04/29 14:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/04/29 14:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/01/19 11:59:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/12 17:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/27 09:16:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/09/21 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/10/11 19:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/01/19 11:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/06/20 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/11/15 13:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/14 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/19 14:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/13 03:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2011/04/29 14:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[color=#A23BEC]< %APPDATA%\*.exe /s >/color
[2010/11/14 12:32:24 | 017,552,011 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Intelli-studio\iUpdate.exe
[2011/08/26 22:21:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\loran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/08/19 14:30:56 | 000,488,448 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche Poker\PartoucheFR.exe
[2011/07/19 16:13:14 | 011,539,232 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche Poker\Partouche_Poker_Setup_03.22.exe
[2011/07/13 10:45:12 | 004,415,488 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche Poker\Poker.exe
[2011/07/19 16:13:28 | 000,426,550 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche Poker\uninst.exe
[2010/08/19 14:31:42 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche Poker\Updater.exe
[2010/11/05 12:09:24 | 000,488,448 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche\Partouche.exe
[2010/11/15 18:44:04 | 003,235,328 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche\Poker.exe
[2010/12/26 21:22:15 | 000,411,404 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche\uninst.exe
[2010/11/05 12:10:36 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\loran\Application Data\Partouche\Updater.exe

[color=#A23BEC]< %APPDATA%\*. >/color
[2010/10/20 19:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Adobe
[2011/05/31 14:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Apple Computer
[2010/11/03 12:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\BitComet
[2011/08/08 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Camfrog
[2011/05/08 22:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Camfrog Web
[2011/05/15 16:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
[2011/06/29 12:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\HEM Data
[2010/10/11 18:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Identities
[2011/06/15 10:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\InstallShield
[2011/07/29 23:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Intelli-studio
[2010/10/11 20:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Macromedia
[2010/10/12 17:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Malwarebytes
[2010/10/13 23:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Media Player Classic
[2011/08/06 07:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Microgaming
[2010/12/11 11:07:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\loran\Application Data\Microsoft
[2010/12/22 14:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Mozilla
[2010/12/22 14:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Mozilla-Cache
[2010/12/26 21:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Partouche
[2011/08/06 07:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Partouche Poker
[2011/04/28 01:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\pdfforge
[2010/10/17 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Real
[2010/11/05 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Samsung
[2011/07/28 19:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Search Settings
[2011/06/20 14:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Skype
[2010/11/15 13:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Sun
[2011/05/13 22:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\vlc
[2010/10/13 06:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /s >/color

[color=#A23BEC]< hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s >/color
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2011/06/06 13:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase" = 2137980928

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >/color
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 14:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 14:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 14:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Launcher.exe\shell\open\command\\: "C:\Program Files\Orange\Launcher\Launcher.exe" -appid browser [2007/09/25 19:58:46 | 000,598,016 | ---- | M] (France Telecom SA)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >/color
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\loran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 05:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 14:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 14:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 14:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Launcher.exe\shell\open\command\\: "C:\Program Files\Orange\Launcher\Launcher.exe" -appid browser [2007/09/25 19:58:46 | 000,598,016 | ---- | M] (France Telecom SA)

[color=#E56717]========== Alternate Data Streams ==========/color

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03412444

< End of report >

0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
24 sept. 2011 à 13:58
OTL Extras logfile created on: 24/09/2011 11:51:58 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\loran\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,22 Mb Total Physical Memory | 420,62 Mb Available Physical Memory | 46,99% Memory free
2,12 Gb Paging File | 1,63 Gb Available in Paging File | 76,97% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 71,41 Gb Free Space | 73,12% Space Free | Partition Type: NTFS
Drive H: | 368,10 Gb Total Space | 179,49 Gb Free Space | 48,76% Space Free | Partition Type: NTFS
Drive I: | 297,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LORAN-F29DDDC51 | User Name: loran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========/color


[color=#E56717]========== File Associations ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2000478354-688789844-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5432:TCP" = 5432:TCP:*:Enabled:postgres
"8051:TCP" = 8051:TCP:*:Enabled:BitComet 8051 TCP
"8051:UDP" = 8051:UDP:*:Enabled:BitComet 8051 UDP

[color=#E56717]========== Authorized Applications List ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orange\Browser\Browser.exe" = C:\Program Files\Orange\Browser\Browser.exe:*:Enabled:Browser -- ()
"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A138994-04B3-4AE2-AB89-74B818AFB1B3}" = Samsung PC Studio 3
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
"{1D76557F-04F5-4CF9-AB20-6A621B0D52D7}" = MyPDFConverter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34785AD0-6276-11DF-A08A-0800200C9A66}" = Full Tilt Poker.Fr
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{638482BC-3092-42DC-AEA1-735264911A77}" = pdfforge Toolbar v4.5
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A512F58-ECDE-FF9D-326B-08309D11238E}" = Winamax Poker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.6 - Français
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{BEE6FD2B-B3C5-5889-5A3A-A112C2F1F936}" = BarrierePoker.fr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7D59052-72BE-4EA7-88AC-0AF0013FC2E6}_is1" = GestPoker version 1.0
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{ORAHSS}.Browser" = Navigateur Orange
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"bwin Poker_is1" = bwin Poker
"CanonMyPrinter" = Canon Utilities My Printer
"CFWebAdvancedU2" = Camfrog Web Advanced 2.0 ActiveX Plugin (remove only)
"Everest Poker.fr" = Everest Poker.fr (Remove Only)
"fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1" = BarrierePoker.fr
"HoldemManager" = Holdem Manager
"ie8" = Windows Internet Explorer 8
"Intelli-studio" = SAMSUNG Intelli-studio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mypokfr (Poker)" = MyPok
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPokerFr" = PartyPoker.fr
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"QcDrv" = Programme de gestion Camera de Logitech®
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SharkScope HUD" = SharkScope HUD 1.0.220
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 1.1.5
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========/color

[HKEY_USERS\S-1-5-21-2000478354-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Partouche" = Partouche
"Partouche Poker" = Partouche Poker

[color=#E56717]========== Last 10 Event Log Errors ==========/color

[ Application Events ]
Error - 23/09/2011 03:19:04 | Computer Name = LORAN-F29DDDC51 | Source = PostgreSQL | ID = 0
Description = 2011-09-23 09:19:04 CESTFATAL: the database system is starting up


Error - 24/09/2011 03:54:11 | Computer Name = LORAN-F29DDDC51 | Source = PostgreSQL | ID = 0
Description = 2011-09-24 09:54:11 CESTFATAL: the database system is starting up


Error - 24/09/2011 04:24:50 | Computer Name = LORAN-F29DDDC51 | Source = Application Hang | ID = 1002
Description = Application bloquée chrome.exe, version 14.0.835.186, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/09/2011 04:26:12 | Computer Name = LORAN-F29DDDC51 | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1678457855.

Error - 24/09/2011 05:14:26 | Computer Name = LORAN-F29DDDC51 | Source = PostgreSQL | ID = 0
Description = 2011-09-24 11:14:26 CESTFATAL: the database system is starting up


Error - 24/09/2011 05:36:43 | Computer Name = LORAN-F29DDDC51 | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat
racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
avec l'erreur : The connection with the server was terminated abnormally

Error - 24/09/2011 05:36:43 | Computer Name = LORAN-F29DDDC51 | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat
racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 24/09/2011 05:46:16 | Computer Name = LORAN-F29DDDC51 | Source = Application Error | ID = 1000
Description = Application défaillante chrome.exe, version 14.0.835.186, module défaillant
chrome.dll, version 14.0.835.186, adresse de défaillance 0x0021d342.

Error - 24/09/2011 05:46:26 | Computer Name = LORAN-F29DDDC51 | Source = Application Error | ID = 1000
Description = Application défaillante chrome.exe, version 14.0.835.186, module défaillant
chrome.dll, version 14.0.835.186, adresse de défaillance 0x0021d342.

Error - 24/09/2011 05:48:43 | Computer Name = LORAN-F29DDDC51 | Source = PostgreSQL | ID = 0
Description = 2011-09-24 11:48:43 CESTFATAL: the database system is starting up


[ System Events ]
Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7001
Description = Le service Apple Mobile Device dépend du service Pilote du protocole
TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7001
Description = Le service Service Bonjour dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 24/09/2011 05:47:23 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX StarOpen Tcpip

Error - 24/09/2011 05:47:43 | Computer Name = LORAN-F29DDDC51 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/09/2011 05:48:42 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7000
Description = Le service Norton Internet Security n'a pas pu démarrer en raison
de l'erreur : %%3

Error - 24/09/2011 05:48:45 | Computer Name = LORAN-F29DDDC51 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SRTSP SRTSPX


< End of report >




0
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
24 sept. 2011 à 14:12
Merci ^^Marie^^

loran76974 :

Tu n'as pas d'antivirus ? :/

Et comme déjà dit, ComboFix est un outil puissant à n'exécuter qu'avec l'assistance d'une personne formée à cet outil.

== == == == == == == == ==

1. Désinstalle :

pdfforge Toolbar v4.5  

2. Installe un antivirus de ton choix :

https://www.malekal.com/tutoriel-antivirus-avast/
https://www.malekal.com/tutoriel-microsoft-security-essentials/
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Etc...

3. Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
● Lance AdwCleaner
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● clique sur Recherche
● Patiente le temps du scan, le rapport doit s'ouvrir spontanément à la fin.
● Clique sur Quitter

Le rapport est sauvegardé à la racine du disque C:\AdwCleaner[R1].txt

Poste le rapport.

A +
0
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
24 sept. 2011 à 18:26
re,

1. Relance AdwCleaner

- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● clique sur Suppression
● Patiente le temps du scan, le rapport doit s'ouvrir spontanément à la fin.
● Clique sur Quitter

Le rapport est sauvegardé à la racine du disque C:\AdwCleaner[S1].txt

2. Relance OTL
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● L'interface principale s'ouvre :
● Dans la partie du bas "Personnalisation", copie/colle la liste en citation :

:OTL
SRV - (Norton Internet Security) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)     
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com     
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.     
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)     
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present 
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] 
[2011/04/28 01:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\pdfforge     
[2011/07/28 19:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loran\Application Data\Search Settings     
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03412444 

:Files
ipconfig /flushdns /c
C:\Program Files\Fichiers communs\Spigot
C:\Program Files\Application Updater

:Commands 
[emptyflash]
[emptytemp]

● Clique sur le bouton Correction.
● Patiente pendant le travail de l'outil, il doit ensuite redémarrer le PC.
● Accepte en cliquant sur OK.
● Le rapport indiquant les actions réalisées par OTL doit s'ouvrir spontanément.

Tu peux le retrouver le fichier à la racine du disque : C:\_OTL\MovedFiles (Vérifie la date si besoin : jjmmaaaa_xxxxxxxx.log)

3. Héberge les 2 rapports et donne moi le liens.

4. Dis moi comment se comporte ton pc maintenant ?

A +
0
loran76974 Messages postés 12 Date d'inscription samedi 24 septembre 2011 Statut Membre Dernière intervention 25 septembre 2011 4
24 sept. 2011 à 21:18
euh rectification mon pc rame quand meme lol
0