CPU at 100% only for Internet Explorer

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip): standard decontamination procedure
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy

Post by clavig33 » 02 May 2010, 18:03

Good evening. For the past 10 days, without my having installed anything, Internet Explorer goes to 100% CPU at launch. It is not my default browser (that is Firefox). I ran an antivirus scan with my own software (AntiVir) and an online Trend Micro scan through your site. I also used Spybot and CCleaner; everything comes up clean! Would you have a solution? Here are the requested logs! Thank you for your help!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4058

Windows 5.1.2600 Service Pack 3, v.5657
Internet Explorer 7.0.5730.11

02/05/2010 00:33:13
mbam-log-2010-05-02 (00-33-13).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 113196
Temps écoulé: 3 minute(s), 10 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\idwbho2.idwbhocl (Adware.SpeedDownloader) -> No action taken.
HKEY_CLASSES_ROOT\idwbho2.idwbhocl.1 (Adware.SpeedDownloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\ldm.exe (Adware.Agent) -> No action taken.
clavig33

Posts: 8
Joined: 01 May 2010, 21:32
Location: Bordeaux

Post by clavig33 » 02 May 2010, 18:05

OTL logfile created on: 02/05/2010 00:39:35 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3, v.5657 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,71 Gb Total Space | 41,39 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 99,66 Gb Total Space | 66,49 Gb Free Space | 66,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 41,47 Gb Total Space | 39,96 Gb Free Space | 96,36% Space Free | Partition Type: NTFS
Drive G: | 39,06 Gb Total Space | 25,50 Gb Free Space | 65,27% Space Free | Partition Type: NTFS
Drive H: | 95,71 Gb Total Space | 20,97 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive I: | 95,71 Gb Total Space | 19,64 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Drive J: | 109,99 Gb Total Space | 32,06 Gb Free Space | 29,15% Space Free | Partition Type: NTFS

Computer Name: CLAUDE
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/02 00:08:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2010/01/16 05:14:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/25 15:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/08 02:40:52 | 001,377,536 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/19 21:29:45 | 001,501,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/02 22:10:20 | 000,124,416 | ---- | M] (Robust IT) -- C:\Program Files\Taskix\Taskix32.exe
PRC - [2003/06/14 01:02:02 | 000,606,281 | ---- | M] (Heine Inc.) -- C:\Program Files\SpeedRam2\Speedram.exe


========== Modules (SafeList) ==========

MOD - [2010/05/02 00:08:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/08 02:40:52 | 001,377,536 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2006/10/26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/10 12:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/16 04:42:00 | 006,305,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/20 17:53:16 | 000,179,584 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2007/12/29 19:48:44 | 000,049,536 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/04 07:51:58 | 000,026,112 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
IE - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
IE - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.voila.fr"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 23:54:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 23:54:51 | 000,000,000 | ---D | M]

[2010/04/25 23:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/04/25 23:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/04/15 08:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ane2eraw.default\extensions
[2010/02/24 22:53:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 03:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/03 20:53:27 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/16 03:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 03:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 03:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 03:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/08/08 04:27:40 | 000,066,296 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1C3B806C-C5DA-4F6E-BA43-B1FF982F0A02} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpeedRam2] C:\Program Files\SpeedRam2\Speedram.exe (Heine Inc.)
O4 - HKLM..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe (Robust IT)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKU\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} http://bobtv.fr/download/cfweb_www.bobt ... module.exe (CamfrogWEB Advanced Unicode Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\keygen.exe: Debugger - StripMyRights.exe /D /L N (Systemintegrasjon AS)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/18 20:44:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/07 13:09:19 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29b66e6c-3697-11df-aa57-00252208180f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/18 20:43:43 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 00:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/02 00:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/02 00:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/05/02 00:13:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/02 00:13:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/02 00:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/02 00:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/02 00:12:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/05/02 00:09:52 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/05/01 19:43:30 | 001,497,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/05/01 19:43:30 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2010/05/01 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/01 19:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\%DownloadedProgramFiles%
[2010/05/01 19:43:28 | 001,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/05/01 19:43:28 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/01 19:40:56 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/05/01 19:40:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/05/01 19:40:56 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2010/05/01 19:40:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/05/01 19:40:56 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/05/01 19:40:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/05/01 19:40:56 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/05/01 19:40:55 | 003,577,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/05/01 19:40:55 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2010/05/01 19:40:55 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/05/01 19:40:55 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/05/01 19:40:55 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/05/01 19:40:55 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/05/01 19:40:55 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2010/05/01 19:40:55 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/05/01 19:40:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2010/05/01 19:40:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2010/05/01 19:40:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2010/05/01 19:40:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/05/01 19:40:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/05/01 19:40:55 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/05/01 19:40:54 | 001,817,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/05/01 19:40:54 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2010/05/01 19:40:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/05/01 19:40:54 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/05/01 19:40:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2010/05/01 19:40:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/05/01 19:40:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2010/05/01 19:40:53 | 000,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/05/01 19:40:53 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/05/01 19:40:53 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/05/01 19:40:53 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/05/01 19:40:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2010/05/01 19:40:53 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/05/01 19:40:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/05/01 19:40:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/05/01 19:40:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/05/01 19:40:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2010/05/01 19:40:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/05/01 19:40:53 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/05/01 19:40:53 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/05/01 19:40:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/05/01 19:40:53 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/05/01 00:43:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/01 00:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/30 18:09:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/04/28 23:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/28 23:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/28 23:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/04/28 23:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple
[2010/04/28 23:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/28 23:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/28 23:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple Computer
[2010/04/25 23:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/04/25 23:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\TomTom
[2010/04/25 23:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\TomTom
[2010/04/25 23:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/04/25 23:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/04/24 18:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Cleaner

========== Files - Modified Within 30 Days ==========

[2010/05/03 17:53:15 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Nautilus 3D Screensaver.lnk
[2010/05/02 00:27:53 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
[2010/05/02 00:19:33 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/02 00:19:26 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/05/02 00:13:53 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/02 00:12:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/05/02 00:08:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/05/02 00:08:01 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 22:41:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2010/05/01 22:23:29 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/05/01 20:56:50 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/01 20:56:47 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/01 20:56:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/01 20:56:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/01 20:56:42 | 000,074,066 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010/05/01 20:55:36 | 010,071,260 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/05/01 20:55:00 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\manquot-liste cool.doc
[2010/05/01 18:44:51 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Double cool.doc
[2010/05/01 00:47:14 | 001,101,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/01 00:47:14 | 000,503,650 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/01 00:47:14 | 000,435,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/01 00:47:14 | 000,081,678 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/01 00:47:14 | 000,068,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/01 00:39:42 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/30 18:08:56 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2010/04/30 08:06:06 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 18:47:23 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Duplicate Cleaner.lnk
[2010/04/22 19:29:48 | 000,009,619 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\rise.xlsx
[2010/04/22 16:20:48 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\manquot-liste cool 20 à 34.doc
[2010/04/15 19:57:07 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\CV M-L AGENT DE COLLECTIVITE 2010.doc
[2010/04/13 18:09:55 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/05/03 17:53:15 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Nautilus 3D Screensaver.lnk
[2010/05/02 00:19:33 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/02 00:19:26 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/05/02 00:13:53 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/01 22:41:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2010/05/01 19:43:31 | 000,092,431 | ---- | C] () -- C:\WINDOWS\System32\IE7Eula.rtf
[2010/05/01 18:44:51 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Double cool.doc
[2010/05/01 00:38:54 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/24 18:47:23 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Duplicate Cleaner.lnk
[2010/04/17 17:39:29 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\manquot-liste cool 20 à 34.doc
[2010/04/15 19:57:07 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\CV M-L AGENT DE COLLECTIVITE 2010.doc
[2010/04/15 00:27:13 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\manquot-liste cool.doc
[2010/04/13 18:09:55 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/03/13 23:55:00 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/02/19 00:20:09 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/19 00:20:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/18 22:59:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/01/16 04:42:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/16 04:42:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/16 04:42:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/16 04:42:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/19 21:37:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/10/19 21:37:06 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/10/19 21:36:42 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/19 21:36:42 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SelectAll.dll
[2008/10/19 21:36:40 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/19 21:36:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\psicon.dll
[2008/10/19 21:36:39 | 000,398,494 | ---- | C] () -- C:\WINDOWS\System32\moricons2.dll
[2008/10/19 21:36:36 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/10/19 21:36:34 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\depends.dll
[2008/09/05 06:54:44 | 000,283,294 | ---- | C] () -- C:\WINDOWS\System32\iColorFolder.dll
[2008/04/12 07:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/12 07:30:20 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/03/22 00:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\123 Free Solitaire
[2010/02/19 00:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Auslogics
[2010/02/03 20:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Babylon
[2010/02/28 00:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CamfrogWEB
[2010/02/18 22:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/03/07 21:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\cerasus.media
[2010/05/02 00:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GigaTribe
[2010/02/28 20:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ImgBurn
[2010/02/19 00:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Notepad++
[2010/02/23 23:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Opera
[2010/02/28 21:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thinstall
[2010/04/25 23:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TomTom
[2010/04/23 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2010/03/06 01:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\V-Games
[2010/02/03 20:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/02/18 22:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/03/12 00:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/24 23:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2010/03/07 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/04/25 23:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/03/13 00:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Notepad++

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

<MD5>
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\NVIDIA\nForceWinXPInt\15.26\IDE\WinXP\sata_ide\nvgts.sys
[2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\WINDOWS\system32\drivers\nvgts.sys
[2008/11/12 17:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- C:\NVIDIA\nForceWinXPInt\15.26\IDE\WinXP\sataraid\nvgts.sys

<MD5>
[2008/11/12 17:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=6B1B4E25277A99A6B515CF124D6060E0 -- C:\NVIDIA\nForceWinXPInt\15.26\IDE\WinXP\sataraid\nvrd32.sys

<MD5>
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
<End>
clavig33

Posts: 8
Joined: 01 May 2010, 21:32
Location: Bordeaux

Post by clavig33 » 02 May 2010, 18:06

OTL Extras logfile created on: 02/05/2010 00:39:35 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3, v.5657 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,71 Gb Total Space | 41,39 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 99,66 Gb Total Space | 66,49 Gb Free Space | 66,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 41,47 Gb Total Space | 39,96 Gb Free Space | 96,36% Space Free | Partition Type: NTFS
Drive G: | 39,06 Gb Total Space | 25,50 Gb Free Space | 65,27% Space Free | Partition Type: NTFS
Drive H: | 95,71 Gb Total Space | 20,97 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive I: | 95,71 Gb Total Space | 19,64 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Drive J: | 109,99 Gb Total Space | 32,06 Gb Free Space | 29,15% Space Free | Partition Type: NTFS

Computer Name: CLAUDE
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.reg [@ = ] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-1390067357-1767777339-1801674531-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [a-openew] -- explorer.exe "%1" (Microsoft Corporation)
Directory [c-cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\Récup Hitachi\Program Files\GigaTribe\gigatribe.exe" = F:\Récup Hitachi\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe -- File not found
"F:\Récup Hitachi\Program Files\GigaTribe\gigatribe_3x.exe" = F:\Récup Hitachi\Program Files\GigaTribe\gigatribe_3x.exe:*:Enabled:GigaTribe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrateur\Application Data\Thinstall\Vidal CD\4000002400003i\java.exe" = C:\Documents and Settings\Administrateur\Application Data\Thinstall\Vidal CD\4000002400003i\java.exe:*:Enabled:java -- ()
"I:\Récup Hitachi\eMule 0.47c - Angel Dr34m 2.4\emule.exe" = I:\Récup Hitachi\eMule 0.47c - Angel Dr34m 2.4\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"F:\GigaTribe\gigatribe_3x.exe" = F:\GigaTribe\gigatribe_3x.exe:*:Enabled:GigaTribe -- File not found
"F:\GigaTribe\gigatribe.exe" = F:\GigaTribe\gigatribe.exe:*:Enabled:gigatribe -- (ShalSoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3 - Français
"{B15B4D42-6B57-4A36-9458-A07D7F8955F9}" = O&O Defrag Professional
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}" = ITE IT8212 ATA RAID Controller
"3D Spring Blossoms Full Screen Saver" = 3D Spring Blossoms Full Screen Saver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"AquaGes v0.13.4_is1" = 0.13.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CFWebAdvancedU_BOBTV.FR" = CamfrogWEB Advanced ActiveX Plugin
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.5
"ERUNT_is1" = ERUNT 1.1j
"Ext2Ifs_for_NT501" = Ext2IFS 1.11 XP
"ffdshow_is1" = ffdshow [rev 3178] [2010-01-03]
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mountain Lakes Full Screen Saver" = Mountain Lakes Full Screen Saver
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nautilus 3D Screensaver_is1" = Nautilus 3D Screensaver 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuickTime32" = QuickTime for Windows (32-bit)
"ShalSoft.GigaTribe_is1" = GigaTribe 2.52
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"SpeedRam2" = SpeedRam2
"SuperCopier2" = SuperCopier2
"The Rise Of Atlantis_is1" = The Rise Of Atlantis
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Watermill 3D Screensaver_is1" = Watermill 3D Screensaver 1.0
"WHosts" = Windows Trust Anti-Pub
"WinRAR archiver" = Archiveur WinRAR
"WTaskix" = Taskix
"WTCC" = Windows Trust Core Codecs
"WTIS" = Windows Trust Installer
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XSplit" = XtremSplit

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/02/2010 15:55:00 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802c25e, debug? 0,
fault address 0x00012aeb.

Error - 24/02/2010 15:56:15 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 24/02/2010 15:56:18 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802c25e, debug? 0,
fault address 0x00012aeb.

Error - 24/02/2010 15:56:42 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 24/02/2010 15:56:44 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802c25e, debug? 0,
fault address 0x00012aeb.

Error - 24/02/2010 15:56:47 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 24/02/2010 15:56:48 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802c25e, debug? 0,
fault address 0x00012aeb.

Error - 27/02/2010 15:28:11 | Computer Name = AA1D9DF7AD824B2 | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2010 04:34:49 | Computer Name = CLAUDE | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 25/04/2010 17:17:51 | Computer Name = CLAUDE | Source = TomTomHOMEService | ID = 10000
Description =

[ OSession Events ]
Error - 24/02/2010 15:54:48 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/02/2010 15:55:00 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/02/2010 15:56:17 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 74
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/02/2010 15:56:43 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/02/2010 15:56:47 | Computer Name = AA1D9DF7AD824B2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/03/2010 12:20:06 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/03/2010 12:20:27 | Computer Name = CLAUDE | Source = iteraid | ID = 262153
Description = Le périphérique \Device\Scsi\iteraid1 n'a pas répondu dans le délai
imparti.

Error - 25/03/2010 05:08:23 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 25/03/2010 05:08:26 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 25/03/2010 09:08:00 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 26/03/2010 13:55:31 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 26/03/2010 13:55:36 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 26/03/2010 13:56:05 | Computer Name = CLAUDE | Source = iteraid | ID = 262153
Description = Le périphérique \Device\Scsi\iteraid1 n'a pas répondu dans le délai
imparti.

Error - 27/03/2010 05:25:02 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 27/03/2010 05:25:05 | Computer Name = CLAUDE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}


<End>
clavig33
 
Posts: 8
Joined: 01 May 2010, 21:32
Location: Bordeaux

