Infection multiple de trojans dans le "AppData/Local/Temp" de chaque session

Processeur Messages: 326 Tutoriaux : 0

Bonjour,

Voici mon souci:

http://www.hebergementimages.com/images/1210108707_virus-data.jpg

Plusieurs virus (en groupe de 2 ou de 3) apparaissent systématiquement comme cela depuis le 6 mai et ce toutes les heures je crois... et dans le même dossier ! Je fais "delete" mais ça recommence, que faire !

---> et tu fais clic droit / copier

- Ouvres killbox
- Sélectionne "delete on reboot"
- Clique sur le menu "File" -> "Past from clip board"
- Clique sur "All Files"
- Clique sur la croix rouge et blanche
- Répond "yes" et laisse redémarrer ton pc.
N'hésite pas à consulter en cas de souci.l'Aide killbox

NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!" et que l'ordinateur ne redémarre pas, redémarre le manuellement ---> Menu Démarrer / arreter / redémarrer l'ordinateur

Après redémarrage, relance Killbox puis clic sur le menu fichier -> Log -> Actions History Log
Poste le rapport ici

Processeur Messages: 326 Tutoriaux : 0

je suis sincèrement désolé mais j'ai suivi les conseils de ce site:

http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/securite /virus-reguliers-dans-appdatalocaltemp-353551/messages-1.html#end

c'est réglé, mais de nouveau problèmes sont apparus (voir les derniers posts)

re,

l'utilisation de Genproc est du domaine de l'auto-résolution amateur.
Libre à toi d'avoir été sur ce site...mais je ne vois pas bien le pourquoi de ton message ici ... Pfff

mets le post en résolu:
http://www.aidoforum.com/forum/sujet-3214.html

Processeur Messages: 326 Tutoriaux : 0

euh ça veut dire quoi tout ça que j'aurais pas dû faire ce qu'on m'a dit ?

Processeur Messages: 326 Tutoriaux : 0

non mais je n'ai fait qu'une seule manipulation c'est bon je suis pas fou non plus

tu as choisis de suivre les conseils d'un autre site.
Pas de problème, mais d'autre part tu te contredis:

Processeur Messages: 326 Tutoriaux : 0

Bon et bien pour faire simple, les problèmes qui sont apparus sont:

-Disparition du système d'exécution automatique pour les périphériques USB ainsi que les DVD, CD,...
-Dysfonctionnement de certains programmes ou jeux (ex: le MMORPG Dofus, qui reste bloqué sur le chargement initial)

Processeur Messages: 326 Tutoriaux : 0

bon et bien tu as raison je ne vais suivre qu'un seul site et ce sera celui-ci
suite à ces bugs j'ai fait une restauration système et je vais reprendre les analyses que tu m'as conseillé dans ton premier post
je post les rapports dans pas longtemps Clin d'oeil

Processeur Messages: 326 Tutoriaux : 0

Au passage, voici le rapport d'une analyse d'Antivir, juste au cas où:

Avira AntiVir Personal
Report file date: lundi 12 mai 2008 13:13

Scanning for 1260844 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-NICOLAS

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 16/04/2008 17:18:15
AVSCAN.DLL : 8.1.1.0 53505 Bytes 16/04/2008 17:18:15
LUKE.DLL : 8.1.2.9 151809 Bytes 16/04/2008 17:18:16
LUKERES.DLL : 8.1.2.1 12033 Bytes 16/04/2008 17:18:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 11:09:22
ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 11:09:23
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 17:18:16
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 11:09:29
AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 11:09:29
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 18:50:46
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 18:59:22
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 18:47:13
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 11:09:28
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 18:47:08
AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 11:09:26
AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 11:09:25
AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 11:09:24
AVWINLL.DLL : 1.0.0.7 14593 Bytes 16/04/2008 17:18:15
AVPREF.DLL : 8.0.0.1 25857 Bytes 16/04/2008 17:18:15
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 16/04/2008 17:18:15
AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 17:18:15
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 16/04/2008 17:18:15
SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 17:18:16
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 16/04/2008 17:18:16
NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 17:18:16
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 16/04/2008 17:18:08
RCTEXT.DLL : 8.0.32.0 86273 Bytes 16/04/2008 17:18:08

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 12 mai 2008 13:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'dofus.dll' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smvss.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'AEstSrv.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'OEM02Mon.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'CNAC3RPK.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
80 processes with 80 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Users\Nicolas\AppData\Local\Temp\3exymupcnt8.exe
[DETECTION] Is the Trojan horse TR/Zapchast.GM
[NOTE] The file was deleted!
C:\Users\Nicolas\AppData\Local\Temp\42exymupcnt8.exe
[DETECTION] Is the Trojan horse TR/Zapchast.GM
[NOTE] The file was deleted!
C:\Users\Nicolas\AppData\Local\Temp\55exymupcnt8.exe
[DETECTION] Is the Trojan horse TR/Zapchast.GM
[NOTE] The file was deleted!
C:\Users\Nicolas\AppData\Local\Temp\99exymupcnt8.exe
[DETECTION] Is the Trojan horse TR/Zapchast.GM
[NOTE] The file was deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <RECOVERY>

End of the scan: lundi 12 mai 2008 14:03
Used time: 50:43 min

The scan has been done completely.

17447 Scanning directories
300298 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
300294 Files not concerned
2362 Archives were scanned
4 Warnings
4 Notes

P.S: mon infection est une "infection multiple"

Processeur Messages: 326 Tutoriaux : 0

Rapport main.txt:

Deckard's System Scanner v20071014.68
Run by Nicolas on 2008-05-12 14:09:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
29: 2008-05-12 11:14:20 UTC - RP217 - Windows Update
28: 2008-05-12 11:01:54 UTC - RP216 - Avira AntiVir Personal - 12/05/2008 13:01
27: 2008-05-12 10:46:51 UTC - RP214 - Opération de restauration
26: 2008-05-12 10:40:36 UTC - RP213 - Avira AntiVir Personal - 12/05/2008 12:40
25: 2008-05-12 09:40:08 UTC - RP211 - Opération de restauration

-- First Restore Point --
1: 2008-05-07 12:48:44 UTC - RP183 - Windows Update

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-12 14:12:01
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system\smvss.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\explorer.exe
C:\Users\Nicolas\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?source=iglk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row& channel=fr-smb&ibd=1080228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [devenv] C:\Windows\system\smvss.exe /w
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebCo ntrol.cab?1207991958191
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{88160140-46A3-4461-9C9B-9F0AE2AB0FB0}: NameServer = 80.118.192.100,80.118.196.106
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe

--
End of file - 10454 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-11 23:18:57 0 d-------- C:\Program Files\Avira(1)
2008-05-11 19:55:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 01:15:28 0 d-------- C:\Windows\BDOSCAN8
2008-05-07 23:06:35 0 d-------- C:\327882R2FWJFW
2008-05-07 23:01:54 0 d-------- C:\Program Files\Trend Micro
2008-05-07 22:51:34 0 d-------- C:\SupportSoft
2008-04-25 14:13:58 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-25 14:12:39 0 d-------- C:\Program Files\Ripp-it_AM
2008-04-25 14:09:04 0 d-------- C:\Users\All Users\AVS4YOU
2008-04-25 14:08:52 658432 --a------ C:\Windows\system32\cc3270mt.dll <Not Verified; Borland Corporation; Borland Developer Studio>
2008-04-25 14:08:52 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-04-25 14:08:47 0 d-------- C:\Program Files\AVS4YOU
2008-04-21 23:58:40 684 --a------ C:\Windows\mozver.dat
2008-04-19 20:30:39 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-19 19:28:44 0 d-------- C:\Users\All Users\Lavasoft
2008-04-12 02:03:27 0 d-------- C:\Windows\Sun

-- Find3M Report ---------------------------------------------------------------

2008-05-12 13:57:54 27525 --a------ C:\Users\Nicolas\AppData\Roaming\nvModes.001
2008-05-12 13:14:06 693588 --a------ C:\Windows\system32\perfh00C.dat
2008-05-12 13:14:06 118450 --a------ C:\Windows\system32\perfc00C.dat
2008-05-12 12:50:45 0 d-------- C:\Program Files\SpeedFan
2008-05-12 12:50:45 0 d-------- C:\Program Files\Dofus
2008-05-12 12:50:44 0 d-------- C:\Program Files\Avira
2008-05-12 11:43:19 0 d-------- C:\Program Files\Avira(4)
2008-05-12 11:19:54 0 d-------- C:\Program Files\Common Files
2008-05-12 11:19:52 0 d-------- C:\Program Files\Avira(3)
2008-05-11 23:26:59 0 d-------- C:\Program Files\Avira(2)
2008-05-11 17:34:17 27525 --a------ C:\Users\Nicolas\AppData\Roaming\nvModes.dat
2008-05-04 18:46:39 0 d-------- C:\Program Files\SEGA
2008-05-04 18:46:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 18:46:02 0 d-------- C:\Users\Nicolas\AppData\Roaming\InstallShield
2008-04-25 14:09:03 0 d-------- C:\Users\Nicolas\AppData\Roaming\AVS4YOU
2008-04-25 12:37:28 0 d-------- C:\Users\Nicolas\AppData\Roaming\Adobe
2008-04-21 23:58:52 0 d-------- C:\Program Files\DivX
2008-04-16 21:39:01 0 d-------- C:\Program Files\Fraps
2008-04-11 22:06:25 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-11 20:26:00 0 d-------- C:\Program Files\Windows Mail
2008-04-11 20:25:33 0 d-------- C:\Program Files\DellTPad
2008-04-10 18:39:10 0 d-------- C:\Users\Nicolas\AppData\Roaming\Malwarebytes
2008-04-04 19:50:51 0 d-------- C:\Program Files\QuickTime
2008-04-02 17:53:32 0 -rahs---- C:\MSDOS.SYS
2008-04-02 17:53:32 0 -rahs---- C:\IO.SYS
2008-03-28 19:20:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-24 01:46:24 0 d-------- C:\Program Files\Xi
2008-03-23 00:57:17 0 d-------- C:\Program Files\Codemasters
2008-03-19 22:46:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-18 19:54:24 0 d-------- C:\Users\Nicolas\AppData\Roaming\Media Player Classic
2008-03-17 20:58:35 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-17 20:38:08 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-17 00:19:37 0 d-------- C:\Program Files\eChanblard
2008-03-15 22:03:36 0 d-------- C:\Users\Nicolas\AppData\Roaming\Roxio
2008-03-13 00:48:49 24122 --a------ C:\Users\Nicolas\AppData\Roaming\UserTile.png
2008-03-13 00:48:49 0 d-------- C:\Users\Nicolas\AppData\Roaming\PeerNetworking
2008-03-12 23:02:49 0 d-------- C:\Program Files\Canon
2008-03-06 20:50:46 0 --a------ C:\Windows\nsreg.dat
2008-03-06 20:27:41 74701 --a------ C:\Windows\system32\Uninstal.exe
2008-03-04 13:33:18 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-02-28 13:47:52 76 -r-hs---- C:\Windows\CT4CET.bin
2008-02-28 13:35:55 174 --ahs---- C:\Program Files\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [28/02/2008 21:20]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/05/2007 12:52]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [03/12/2007 07:58]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [02/01/2008 05:44]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/02/2008 13:44]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 18:43]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 13:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 13:22]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [28/02/2008 13:56]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 11:24]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01/11/2007 17:39]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [16/04/2008 19:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/03/2008 23:17]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04/10/2007 21:24]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/10/2007 21:24]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/10/2007 21:24]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [04/10/2007 21:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"devenv"="C:\Windows\system\smvss.exe" [06/04/2008 15:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 11:23]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [19/03/2007 01:05]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [06/03/2008 21:47]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [28/02/2008 13:49:35]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF 83DC4.exe [28/02/2008 13:51:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04 F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002 BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04 FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7 D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b5293b-ebb7-11 dc-9b8c-001d09a8906f}]
AutoRun\command- F:\autorun.exe
directx\command- F:\DirectX9\dxsetup.exe
setup\command- F:\install.exe

*Newly Created Service* - AVGIO

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-12 14:13:07 ------------

Rapport extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Édition Familiale Premium (build 6000)
Architecture: X86; Language: French

CPU 0: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 3069.43 MiB / 1912.72 MiB
Pagefile Memory (total/avail): 6324.07 MiB / 5099.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.25 MiB

C: is Fixed (NTFS) - 220.27 GiB total, 112.78 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.66 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHY2250BH - 232.88 GiB - 4 partitions
\PARTITION0 - Unknown - 117.63 MiB
\PARTITION1 - Système de fichiers installable - 10 GiB - D:
\PARTITION2 (bootable) - Système de fichiers installable - 220.27 GiB - C:
\PARTITION3 - Étendu avec Inter. 13 étendue - 2.5 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authori zedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Autho rizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Nicolas\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-NICOLAS
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Nicolas
LOCALAPPDATA=C:\Users\Nicolas\AppData\Local
LOGONSERVER=\\PC-DE-NICOLAS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Nicolas\AppData\Local\Temp
TMP=C:\Users\Nicolas\AppData\Local\Temp
USERDOMAIN=PC-de-Nicolas
USERNAME=Nicolas
USERPROFILE=C:\Users\Nicolas
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Nicolas (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x40c
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c /remove
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Canon LBP5200 --> C:\Program Files\Canon\PrnUninstall\Canon LBP5200\CNAC3UN.EXE
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
correctif rpgxp 1.0.0.1 pour vista --> C:\Windows\system32\Uninstal.exe
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x40c /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x40c /remove
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dofus 1.23.0 --> C:\Program Files\Dofus\uninstall.exe
Fraps --> "C:\Program Files\Fraps\uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Guide de l'utilisateur --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Guide de mise en route Dell --> MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.8.3 Full BETA --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x040C
Live! Cam Avatar --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x040c -removeonly /remove
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x040c -removeonly /remove
Logiciel Intel(R) PROSet/Wireless --> C:\Windows\Installer\iProInst.exe
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x040c -cluninstall
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Encarta 2008 - Études --> MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Encarta Maths --> MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
NetXfer 2.28.348 --> "C:\Program Files\Xi\NetXfer\unins000.exe"
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de diagnostic de modem --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RGSS de RMXP version 1.0.1 --> "C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"
Ri4m v5.0.1d --> C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
RMXP version 1.0.0.1 --> "C:\Program Files\Bodom-Child - RaBBi\RMXP\unins000.exe"
RocketDock 1.3.1 --> "C:\Program Files\RocketDock\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

-- Application Event Log -------------------------------------------------------

Event Record #/Type9688 / Warning
Event Submitted/Written: 05/12/2008 02:08:27 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.245760.7C:\Users\Nicolas\AppData\Local\Temp\43exhmunmlclr10.exe

Event Record #/Type9687 / Warning
Event Submitted/Written: 05/12/2008 02:08:26 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.245760.7C:\Users\Nicolas\AppData\Local\Temp\43exhmunmlclr10.exe

Event Record #/Type9675 / Warning
Event Submitted/Written: 05/12/2008 01:23:21 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.245760.7C:\Users\Nicolas\AppData\Local\Temp\44exhmunmlclr10.exe

Event Record #/Type9674 / Warning
Event Submitted/Written: 05/12/2008 01:23:21 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.245760.7C:\Users\Nicolas\AppData\Local\Temp\44exhmunmlclr10.exe

Event Record #/Type9661 / Success
Event Submitted/Written: 05/12/2008 01:09:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type48827 / Warning
Event Submitted/Written: 05/12/2008 02:12:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Nicolas27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Nicolas27 ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
%PC-de-Nicolas275

ID d’analyse : {5E811253-D7BA-4CE4-882F-A738C566904C}

Utilisateur : PC-de-Nicolas\Nicolas

Nom : %PC-de-Nicolas271

ID : %PC-de-Nicolas272

ID de gravité : %PC-de-Nicolas273

ID de catégorie : %PC-de-Nicolas274

Chemin d’accès trouvé : %PC-de-Nicolas276

Type d’alerte : %PC-de-Nicolas278

Type de détection : 1.1.1505.02

Event Record #/Type48826 / Warning
Event Submitted/Written: 05/12/2008 02:12:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Nicolas27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Nicolas27 ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
%PC-de-Nicolas275

ID d’analyse : {7630E254-1557-4F77-A25B-081C1BD8334F}

Utilisateur : PC-de-Nicolas\Nicolas

Nom : %PC-de-Nicolas271

ID : %PC-de-Nicolas272

ID de gravité : %PC-de-Nicolas273

ID de catégorie : %PC-de-Nicolas274

Chemin d’accès trouvé : %PC-de-Nicolas276

Type d’alerte : %PC-de-Nicolas278

Type de détection : 1.1.1505.02

Event Record #/Type48825 / Warning
Event Submitted/Written: 05/12/2008 02:12:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Nicolas27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Nicolas27 ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
%PC-de-Nicolas275

ID d’analyse : {9C226E84-40CF-4C42-9F52-997A22ECB9ED}

Utilisateur : PC-de-Nicolas\Nicolas

Nom : %PC-de-Nicolas271

ID : %PC-de-Nicolas272

ID de gravité : %PC-de-Nicolas273

ID de catégorie : %PC-de-Nicolas274

Chemin d’accès trouvé : %PC-de-Nicolas276

Type d’alerte : %PC-de-Nicolas278

Type de détection : 1.1.1505.02

Event Record #/Type48824 / Warning
Event Submitted/Written: 05/12/2008 02:12:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Nicolas27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Nicolas27 ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
%PC-de-Nicolas275

ID d’analyse : {C834EA0E-E3CE-41C5-A23C-F78199D4DD03}

Utilisateur : PC-de-Nicolas\Nicolas

Nom : %PC-de-Nicolas271

ID : %PC-de-Nicolas272

ID de gravité : %PC-de-Nicolas273

ID de catégorie : %PC-de-Nicolas274

Chemin d’accès trouvé : %PC-de-Nicolas276

Type d’alerte : %PC-de-Nicolas278

Type de détection : 1.1.1505.02

Event Record #/Type48814 / Warning
Event Submitted/Written: 05/12/2008 01:08:44 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.

-- End of Deckard's System Scanner: finished at 2008-05-12 14:13:07 ------------

Voilà !

Processeur Messages: 326 Tutoriaux : 0

Rapport KillBox:

Pocket Killbox version 2.0.0.881
Running on as Nicolas(Limited Account)
was started @ lundi, mai 12, 2008, 2:18 PM

# 1 [Delete on Reboot]
Path = 81exhmunmldr.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 2:20:39 PM
Killbox Closed(Exit) @ 2:20:43 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on as Nicolas(Limited Account)
was started @ lundi, mai 12, 2008, 2:26 PM

Processeur Messages: 326 Tutoriaux : 0

et enfin, le rapport OAD.exe:

12/05/2008 ---- 14:29:37,24

----------------------------------
§§§§§§ [81exhmunmldr] §§§§§§
----------------------------------
[ ] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------