Inforumatique

Petit forum sans prétention !!

Vers le contenu

désinfécté img infection en rafale

Modérateurs: toaster_78, niklavi, GrosBébé, Senosen

Règles du forum
Merci, de mettre vos rapports d'infections entre les BBcodes " hide" ou "code" , ceci afin d'éviter des messages trop longs !! un tuto pour le BBcode "hide" existe ici :

viewtopic.php?f=86&t=2338

Merci également de ne pas intervenir dans un sujet en cours si vous n'êtes pas l'auteur du sujet ou quand un helpeur a pris en main celui-ci.Si toutefois vous avez une observation pertinente et/ou à partager veuillez contacter le helpeur par MP
Sujet verouillé

désinfécté img infection en rafale

Messagede ninette42 le 13 Juin 2008, 09:14

Bonjour à vous tous,

J'ai eu une infection en rafale "d'un seul coup" : 73 m'a dit malwarebytes !!!! :haaaa: je suis arrivée à nettoyer avec mon antivirus Avira et ensuite avec malwarebytes. Je voudrais vérifier avec vous si mon pc est propre afin de remédier dans la mesure du possible à ces rafales (en surveillant et nettoyant très souvent).

Merci pour vote aide. ;)
Avatar de l’utilisateur
ninette42
flooder néophite
flooder néophite
 
Messages: 26
Inscription: 12 Juin 2008, 20:18
Localisation: région Franche-Comté
Haut

Re: infection en rafale

Messagede Senosen le 13 Juin 2008, 09:28

:0002: Ninette

Fais un scan en ligne

Il se fait sous internet explorer

Désactive ton antivirus pendant le scan

Accepte l'installation de l'activX

Ne poste pas le rapport ici mais dis nous simplement ce qu'il a trouvé

Ceci pour que l'on connaisse l'intégrité de ta machine ..

http://webscanner.kaspersky.fr

Choisis « Poste de travail »

Si Kaspersky ne fonctionne pas prend celui-ci:

http://www.pandasecurity.com/infected_or_not/fr/

ensuite


Télécharge Deckard's System Scanner (DSS) sur le bureau
>>> http://www.techsupportforum.com/sectool ... rd/dss.exe
ou
>>> http://deckard.geekstogo.com/dss.exe
Ferme toutes les fenêtres et toutes les applications en cours.

=> Double clique sur dss.exe pour lancer l'outil.
=> Clique sur OK à chaque fois que cela sera demandé.
=> L'analyse finie, un fichier texte s'affichera (main.txt).
Enregistre ce rapport sur le bureau.
=> Ferme cette fenêtre.

Il y a 2 rapports, poste moi seulement le rapport main.txt de DSS dans ta prochaine réponse.
Note : le rapport se trouve aussi à cet emplacement C:\Deckard\System Scanner\main.txt
Je ne donne pas d'aide en MP sinon à quoi servirait le forum.

Si un jour tu te sens inutile et déprimé, souviens-toi : un jour tu étais le spermatozoïde le plus rapide de tous.

:malelovies: Certaines personnes méritent d'être connues, non pour leur célébrité mais pour leur Grand Cœur ... :malelovies:
Avatar de l’utilisateur
Senosen
Admin. Logithèque
Admin. Logithèque
 
Années en tant que membre
 
Messages: 4231
Inscription: 23 Mar 2007, 00:32
Localisation: Carcassonne
Haut

Re: infection en rafale

Messagede ninette42 le 13 Juin 2008, 12:39

re,

Kaspershy a trouvé :

Nombre de virus trouvés : 1
Nombre d'objets suspectés : 2


2ème travail :

:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
CPU 1: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1022.48 MiB / 535.34 MiB
Pagefile Memory (total/avail): 2459.63 MiB / 2059.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.51 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 223.01 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 74.49 GiB total, 61.33 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE1 - ST3250310AS - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 232.88 GiB - C:

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 74.49 GiB - E:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\André\\Local Settings\\Temporary Internet Files\\Content.IE5\\GL2LGTET\\incredimail_install[1].exe"="C:\\Documents and Settings\\André\\Local Settings\\Temporary Internet Files\\Content.IE5\\GL2LGTET\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andr‚\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ORDINATEUR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andr‚
LOGONSERVER=\\ORDINATEUR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDR~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANDR~1\LOCALS~1\Temp
USERDOMAIN=ORDINATEUR
USERNAME=Andr‚
USERPROFILE=C:\Documents and Settings\Andr‚
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

André (admin)
NINETTE (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Ahead Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Ask Toolbar --> rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech Legacy USB Camera --> "C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam --> "C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Garmin POI Loader --> MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Harmony Assistant --> C:\Program Files\Harmony Assistant\Uninstal\Uninstal.exe
Heredis 9 --> C:\WINDOWS\unvise32.exe C:\Program Files\BSD Concept\Heredis 9\uninstal.log
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
LOTO PRO Alchimie (Version d'évaluation) --> MsiExec.exe /I{70862F16-E001-4B6C-A162-0C64CAFF32E6}
Magentic --> C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disque 2 --> MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Small Business --> MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911164) -->
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OMeR --> C:\Program Files\Omer\Uninstal\Uninstal.exe
OpenOffice.org 2.4 --> MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Planète Généalogie --> "C:\Program Files\BSD Concept\Planète Généalogie\unins000.exe"
RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
TerraExplorer --> C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
VirginMega.Fr Premium --> MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Windows Live Messenger --> MsiExec.exe /I{E22885AB-B503-46E2-8437-73BBC6BC5487}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type16220 / Warning
Event Submitted/Written: 06/12/2008 04:44:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

Event Record #/Type16219 / Warning
Event Submitted/Written: 06/12/2008 03:16:34 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type16218 / Warning
Event Submitted/Written: 06/12/2008 03:16:34 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Event Record #/Type16217 / Warning
Event Submitted/Written: 06/12/2008 03:16:32 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type16216 / Warning
Event Submitted/Written: 06/12/2008 03:16:32 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52216 / Error
Event Submitted/Written: 06/12/2008 10:04:40 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context a échoué pour C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Message d'erreur de référence : Opération réussie.
.

Event Record #/Type52215 / Error
Event Submitted/Written: 06/12/2008 10:04:40 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Event Record #/Type52214 / Error
Event Submitted/Written: 06/12/2008 10:04:40 AM
Event ID/Source: 32 / SideBySide
Event Description:
L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.

Event Record #/Type52213 / Error
Event Submitted/Written: 06/12/2008 10:04:40 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context a échoué pour C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Message d'erreur de référence : Opération réussie.
.

Event Record #/Type52212 / Error
Event Submitted/Written: 06/12/2008 10:04:40 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.



-- End of Deckard's System Scanner: finished at 2008-06-13 12:27:17 ------------


----------- EDIT ------------

re,



----------- EDIT ------------

re,

Je pense que le rapport précédent n'est pas bon, je poste le suivant :

:
Deckard's System Scanner v20071014.68
Run by André on 2008-06-13 12:36:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------


-- HijackThis (run as André.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:34, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\André\Local Settings\Temporary Internet Files\Content.IE5\AFERQ05Z\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\André.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e©ùýùàûïÎóÎÑøøñøôÞÊýùñûïÞó] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8836077550
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bw+0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 21381 bytes

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 12:36:24 0 d-------- C:\Program Files\Trend Micro
2008-06-13 10:43:52 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-13 10:43:45 0 d-------- C:\WINDOWS\LastGood
2008-06-12 18:53:41 0 d-------- C:\Documents and Settings\LocalService\Mes documents
2008-06-12 18:52:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-06-12 18:52:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-12 14:54:14 139264 --a------ C:\WINDOWS\enef.exe
2008-06-08 01:04:07 0 d-------- C:\Program Files\Lavalys
2008-06-05 22:31:49 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-03 13:32:06 0 d-------- C:\Program Files\PIXELA
2008-05-17 16:43:26 0 d-------- C:\Documents and Settings\NINETTE\Application Data\GARMIN
2008-05-17 16:43:11 0 d-------- C:\Program Files\Garmin
2008-05-17 16:39:07 0 d-------- C:\Garmin
2008-05-16 10:18:23 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-05-16 10:13:36 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-05-13 16:45:20 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2008-06-13 09:59:05 0 d-------- C:\Documents and Settings\André\Application Data\OpenOffice.org2
2008-06-12 16:46:40 0 d-------- C:\Documents and Settings\André\Application Data\TmpRecentIcons
2008-06-12 16:34:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 20:25:52 0 d-------- C:\Program Files\Fichiers communs
2008-06-08 20:23:01 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-06-05 13:03:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 13:33:50 50 --a------ C:\AUTOEXEC.BAT
2008-05-16 10:19:20 0 d-------- C:\Program Files\IncrediMail
2008-05-15 16:58:56 445434 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-15 16:58:56 63854 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-05-12 10:35:29 0 d-------- C:\Program Files\Picasa2
2008-05-11 09:35:20 0 d-------- C:\Program Files\Java
2008-05-09 12:02:44 0 d-------- C:\Documents and Settings\André\Application Data\Real
2008-05-09 12:00:03 0 d-------- C:\Documents and Settings\André\Application Data\Talkback
2008-05-09 11:59:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-09 11:59:45 0 d-------- C:\Documents and Settings\André\Application Data\Mozilla
2008-05-09 11:59:30 0 d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-09 11:59:28 0 d-------- C:\Program Files\Fichiers communs\Real
2008-05-09 11:59:21 0 d-------- C:\Program Files\Real
2008-05-09 11:58:46 0 d-------- C:\Program Files\Google
2008-05-09 11:58:44 3948 --a------ C:\WINDOWS\mozver.dat
2008-05-05 11:17:26 68696 --a------ C:\WINDOWS\hpoins05.dat
2008-05-01 11:53:27 0 d-------- C:\Program Files\Harmony Assistant
2008-04-23 17:11:40 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-23 14:37:20 0 d-------- C:\Documents and Settings\André\Application Data\Malwarebytes
2008-04-23 14:24:12 3268 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-23 08:12:28 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-23 08:12:28 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-22 19:01:05 0 d-------- C:\Program Files\YesMessenger
2008-04-22 06:02:05 0 d-------- C:\Documents and Settings\André\Application Data\ACAMPREF
2008-04-17 12:00:17 0 d-------- C:\Documents and Settings\André\Application Data\Help
2008-04-17 11:59:17 0 d-------- C:\Program Files\Les Logiciels Alchimie
2008-04-14 19:32:27 0 d-------- C:\Program Files\Magentic
2008-04-14 19:28:11 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 16:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/08/2006 21:43]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 03:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [13/09/2004 16:49]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [25/10/2007 17:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/10/2007 17:37]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [15/09/2003 15:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"nwiz"="nwiz.exe" [11/08/2006 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/08/2006 21:43]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 16:21 C:\WINDOWS\system32\HdAShCut.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [09/05/2008 11:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/08/2007 14:00]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [23/04/2008 17:45]
"LogitechSetup"="D:\Setup\Setup.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [28/12/2007 17:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/01/2008 17:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
"e©ùýùàûïÎóÎÑøøñøôÞÊýùñûïÞó"="C:\Program Files\XP Antivirus\xpa.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Andr‚\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [11/05/2007 01:29:22]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [04/11/2004 20:50:52]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [04/11/2004 20:28:24]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [11/01/2008 23:16:38]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [28/12/2007 17:10:03]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 10:15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"NoSetFolders"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d139aa83-b566-11dc-95e8-806d6172696f}]
AutoRun\command- D:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-06-13 12:36:49
Avatar de l’utilisateur
ninette42
flooder néophite
flooder néophite
 
Messages: 26
Inscription: 12 Juin 2008, 20:18
Localisation: région Franche-Comté
Haut

Re: infection en rafale

Messagede Senosen le 13 Juin 2008, 13:12

Re,

tu as plusieurs vilains dans ton ordi ....

Télécharge OTMoveIt (de Oldtimer) sur le bureau
>>> http://download.bleepingcomputer.com/ol ... oveIt2.exe

Double-clique sur OTMoveIt2.exe pour le lancer.
=> Assure toi que la case Unregister Dll's and Ocx's soit bien cochée !!!
=> copie/colle le contenu du cadre ci dessous dans le cadre de gauche de OTMoveIt nommé Paste Standard List of Files/Folders to be moved.

C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL\
C:\Program Files\XP Antivirus\



=> Clique sur MoveIt! pour lancer la suppression.
=> Si OTMoveIt demande à redémarrer le pc, accepte.
=> Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.
=> Poste le rapport qui se trouve ici C:\_OTMoveIt\MovedFiles.txt\exemple 04232008_141450.log


Une aide à l'utilisation
>>> http://bibou0007.com/outils-specifiques ... t-t387.htm

DSS a installé hijackthis sur ton ordinateur relance le et clique sur

Image

recherche et coche les lignes suivantes si elles sont présentes

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKCU\..\Run: [e©ùýùàûïÎóÎÑøøñøôÞÊýùñûïÞó] C:\Program Files\XP Antivirus\xpa.exe

puis clique sur:

Image


télécharge et mets à jour malwarebytes

télécharge Ccleaner (ne valide pas la barre Yahoo à l'installation)

mets à jour Antivir

Passe Ccleaner en mode nettoyeur puis en mode registre. Accepte de faire la sauvegarde du registre. Lis le Tuto sur la fiche de téléchargement

passe en mode sans échec:
Le mode sans échec :
le-mode-sans-echecs-t354.html

et scanne ton ordi avec malwarebytes et antivir. conserve le rapport de Malwarebytes

relance DSS et poste son rapport et celui de Malwarebytes ......
Je ne donne pas d'aide en MP sinon à quoi servirait le forum.

Si un jour tu te sens inutile et déprimé, souviens-toi : un jour tu étais le spermatozoïde le plus rapide de tous.

:malelovies: Certaines personnes méritent d'être connues, non pour leur célébrité mais pour leur Grand Cœur ... :malelovies:
Avatar de l’utilisateur
Senosen
Admin. Logithèque
Admin. Logithèque
 
Années en tant que membre
 
Messages: 4231
Inscription: 23 Mar 2007, 00:32
Localisation: Carcassonne
Haut

Re: infection en rafale

Messagede ninette42 le 13 Juin 2008, 14:41

re,

le lien OTMovelt n'est pas bon : "page web introuvable".

----------- EDIT ------------

re,

ne te dérange pas, j'ai trouvé le lien chez Bibou

----------- EDIT ------------

re,
Voici le premier rapport OTMovelt

Folder C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL\ not found.
Folder C:\Program Files\XP Antivirus\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06132008_145018

----------- EDIT ------------

re,

le scan Malwarebytes doit être réalisé en "rapide" ou "complet" ?
Avatar de l’utilisateur
ninette42
flooder néophite
flooder néophite
 
Messages: 26
Inscription: 12 Juin 2008, 20:18
Localisation: région Franche-Comté
Haut

Re: infection en rafale

Messagede toaster_78 le 13 Juin 2008, 14:43

ninette42 a écrit:le scan Malwarebytes doit être réalisé en "rapide" ou "complet" ?

:0002: ninette,
Complet stp.
^^
Image
Avatar de l’utilisateur
toaster_78
Super-Moderator
Super-Moderator
 
Années en tant que membre
 
Messages: 3563
Inscription: 13 Nov 2007, 08:43
Localisation: Devant l'écran
Haut

Re: infection en rafale

Messagede ninette42 le 13 Juin 2008, 17:23

re,

Voici le rapport Malwarebytes :

:
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 851

18:07:51 13/06/2008
mbam-log-6-13-2008 (18-07-51).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 174323
Temps écoulé: 1 hour(s), 7 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Voici le rapport DSS :

:
Deckard's System Scanner v20071014.68
Run by André on 2008-06-13 18:18:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as André.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:22, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\André\Local Settings\Temporary Internet Files\Content.IE5\1BV7B90W\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANDR~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8836077550
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bw+0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0F2C4E8D-0F8B-4E31-A4C2-F1AD8C380C5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 21111 bytes

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 16:06:59 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-13 15:11:25 0 dr-h----- C:\Documents and Settings\André\Recent
2008-06-13 12:36:24 0 d-------- C:\Program Files\Trend Micro
2008-06-13 10:43:52 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-12 18:53:41 0 d-------- C:\Documents and Settings\LocalService\Mes documents
2008-06-12 18:52:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-06-12 18:52:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-12 14:54:14 139264 --a------ C:\WINDOWS\enef.exe
2008-06-08 01:04:07 0 d-------- C:\Program Files\Lavalys
2008-06-05 22:31:49 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-03 13:32:06 0 d-------- C:\Program Files\PIXELA
2008-05-17 16:43:26 0 d-------- C:\Documents and Settings\NINETTE\Application Data\GARMIN
2008-05-17 16:43:11 0 d-------- C:\Program Files\Garmin
2008-05-17 16:39:07 0 d-------- C:\Garmin
2008-05-16 10:18:23 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-05-16 10:13:36 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-05-13 16:45:20 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2008-06-13 18:12:00 0 d-------- C:\Documents and Settings\André\Application Data\OpenOffice.org2
2008-06-12 16:46:40 0 d-------- C:\Documents and Settings\André\Application Data\TmpRecentIcons
2008-06-12 16:34:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 20:25:52 0 d-------- C:\Program Files\Fichiers communs
2008-06-08 20:23:01 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-06-05 13:03:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 13:33:50 50 --a------ C:\AUTOEXEC.BAT
2008-05-16 10:19:20 0 d-------- C:\Program Files\IncrediMail
2008-05-15 16:58:56 445434 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-15 16:58:56 63854 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-05-12 10:35:29 0 d-------- C:\Program Files\Picasa2
2008-05-11 09:35:20 0 d-------- C:\Program Files\Java
2008-05-09 12:02:44 0 d-------- C:\Documents and Settings\André\Application Data\Real
2008-05-09 12:00:03 0 d-------- C:\Documents and Settings\André\Application Data\Talkback
2008-05-09 11:59:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-09 11:59:45 0 d-------- C:\Documents and Settings\André\Application Data\Mozilla
2008-05-09 11:59:30 0 d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-09 11:59:28 0 d-------- C:\Program Files\Fichiers communs\Real
2008-05-09 11:59:21 0 d-------- C:\Program Files\Real
2008-05-09 11:58:46 0 d-------- C:\Program Files\Google
2008-05-09 11:58:44 3948 --a------ C:\WINDOWS\mozver.dat
2008-05-05 11:17:26 68696 --a------ C:\WINDOWS\hpoins05.dat
2008-05-01 11:53:27 0 d-------- C:\Program Files\Harmony Assistant
2008-04-23 17:11:40 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-23 14:37:20 0 d-------- C:\Documents and Settings\André\Application Data\Malwarebytes
2008-04-23 14:24:12 3268 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-23 08:12:28 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-23 08:12:28 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-22 19:01:05 0 d-------- C:\Program Files\YesMessenger
2008-04-22 06:02:05 0 d-------- C:\Documents and Settings\André\Application Data\ACAMPREF
2008-04-17 12:00:17 0 d-------- C:\Documents and Settings\André\Application Data\Help
2008-04-17 11:59:17 0 d-------- C:\Program Files\Les Logiciels Alchimie
2008-04-14 19:32:27 0 d-------- C:\Program Files\Magentic
2008-04-14 19:28:11 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog