eradication malware

Krabs76 · le 8 juillet 2008

Bonjour Thanos,

voici les deux rapports fait par DDS.

Ton avis ??

par contre , il a refuser d'installer hijackthis.

file appeler main.txt

Deckard's System Scanner v20071014.68

Run by marie on 2008-07-08 13:42:19

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

72: 2008-07-08 11:42:21 UTC - RP203 - Deckard's System Scanner Restore Point

71: 2008-07-04 13:15:14 UTC - RP202 - Point de vérification système

70: 2008-07-03 12:19:18 UTC - RP201 - Point de vérification système

69: 2008-07-02 00:05:29 UTC - RP200 - Point de vérification système

68: 2008-06-30 23:30:05 UTC - RP199 - Point de vérification système

-- First Restore Point --

1: 2008-04-21 17:12:36 UTC - RP132 - Point de vérification système

Backed up registry hives.

Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-07-08 13:44:14

Platform: Windows XP Service Pack 1 (5.01.2600)

MSIE: Internet Explorer (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Documents and Settings\marie\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mon-accueil.com/96459-1210799991

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Liens apparentés - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm

O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} () - http://copainsdavant.linternaute.com/html_...geUploader5.cab

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN

--

End of file - 9844 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 EraserUtilRebootDrv - c:\program files\fichiers communs\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)

S3 NAVENG - c:\progra~1\fichie~1\symant~1\virusd~1\20080421.003\naveng.sys (file missing)

S3 NAVEX15 - c:\progra~1\fichie~1\symant~1\virusd~1\20080421.003\navex15.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Pml Driver HPZ12 - c:\windows\system32\hpzipm12.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Contrôleur d'interruptions systèmes

Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05

Manufacturer:

Name: Contrôleur d'interruptions systèmes

PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Contrôleur vidéo (compatible VGA)

Device ID: PCI\VEN_1106&DEV_3343&SUBSYS_81CE1043&REV_01\4&17F55CA6&0&0008

Manufacturer:

Name: Contrôleur vidéo (compatible VGA)

PNP Device ID: PCI\VEN_1106&DEV_3343&SUBSYS_81CE1043&REV_01\4&17F55CA6&0&0008

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\ATK0110\1010110

Manufacturer:

Name:

PNP Device ID: ACPI\ATK0110\1010110

Service:

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-06-28 10:46:36 0 d-------- C:\Program Files\McDonaldsDragons

2008-06-28 10:46:00 0 d--hs---- C:\WINDOWS\ftpcache

2008-06-13 21:50:56 21320 --a------ C:\Documents and Settings\marie\Application Data\GDIPFONTCACHEV1.DAT

-- Find3M Report ---------------------------------------------------------------

2008-06-27 09:29:33 0 d-------- C:\Documents and Settings\marie\Application Data\OpenOffice.org2

2008-06-26 12:25:15 0 d-------- C:\Program Files\eMule

2008-06-17 13:51:17 0 d-------- C:\Program Files\Dofus

2008-06-12 13:41:30 0 d-------- C:\Program Files\LM Version-2.5-F

2008-05-28 14:58:03 0 d-------- C:\Documents and Settings\marie\Application Data\Image Zone Express

2008-05-25 14:49:47 0 d-------- C:\Documents and Settings\marie\Application Data\GanymedeNet

2008-05-24 22:52:31 0 d-------- C:\Program Files\Ganymede

2008-05-12 08:37:45 0 d-------- C:\Program Files\AxBx

2008-05-12 08:32:44 0 d-------- C:\Program Files\Fichiers communs

2008-05-11 22:44:56 0 d-------- C:\Documents and Settings\marie\Application Data\Ahead

2008-05-09 00:24:46 37888 --a------ C:\WINDOWS\System32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>

2008-05-09 00:24:46 753664 --a------ C:\WINDOWS\System32\NTSpool.exe

2008-05-08 11:59:50 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared

2008-05-08 11:41:53 0 d-------- C:\Program Files\ma-config.com

2008-05-08 11:41:53 0 d-------- C:\Documents and Settings\marie\Application Data\ma-config.com

2008-05-08 11:41:32 0 d-------- C:\Program Files\Symantec

2008-05-08 11:41:29 0 d-------- C:\Program Files\Norton AntiVirus

2008-05-08 11:38:38 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 16:21 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 10:11]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 16:35]

"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 11:22]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 02:41]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [09/01/2007 23:59]

"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [14/01/2007 01:11]

"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [07/03/2008 17:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [07/09/2002 02:00]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:55]

"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [15/11/2004 16:18]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [16/04/2008 12:16]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 09:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

"NTSpool"=NTSpool.exe

"Windows Printing Driver"=WinPrint.exe

-- End of Deckard's System Scanner: finished at 2008-07-08 13:44:38 ------------

File appeler extra.txt

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 1.0

Architecture: X86; Language: French

CPU 0: Intel® Celeron® CPU 2.66GHz

Percentage of Memory in Use: 60%

Physical Memory (total/avail): 446.42 MiB / 178.2 MiB

Pagefile Memory (total/avail): 1057.5 MiB / 841.47 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1928.96 MiB

C: is Fixed (NTFS) - 55 GiB total, 13.07 GiB free.

D: is Fixed (NTFS) - 97.65 GiB total, 18.9 GiB free.

E: is CDROM (No Media)

F: is CDROM (No Media)

G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L160P0 - 152.66 GiB - 2 partitions

\PARTITION0 (bootable) - Système de fichiers installable - 55 GiB - C:

\PARTITION1 - Système de fichiers installable - 97.65 GiB - D:

\\.\PHYSICALDRIVE1 - HP Photosmart C3180 USB Device

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\marie\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Fichiers communs

COMPUTERNAME=C-R7TZKA1AGL8FF

ComSpec=C:\WINDOWS\system32\cmd.exe

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\marie

LOGONSERVER=\\C-R7TZKA1AGL8FF

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0409

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\marie\LOCALS~1\Temp

TMP=C:\DOCUME~1\marie\LOCALS~1\Temp

USERDOMAIN=C-R7TZKA1AGL8FF

USERNAME=marie

USERPROFILE=C:\Documents and Settings\marie

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

marie (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

Barre d'outils MSN --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c

ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}

Correctif Windows XP - KB822603 --> C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe

Correctif Windows XP - KB835732 --> C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe

Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe

Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Correctif Windows XP - KB892944 --> "C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"

Correctif Windows XP - KB911567 --> "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"

Correctif Windows XP - KB918439 --> "C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"

Correctif Windows XP - KB918899 --> "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"

Correctif Windows XP - KB925486 --> "C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"

Dofus 1.24.0 --> C:\Program Files\Dofus\uninstall.exe

eMule --> "C:\Program Files\eMule\Uninstall.exe"

GameDesire-Pool & Snooker --> C:\Program Files\Ganymede\billiards_uninstall.exe

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe

HijackThis 1.99.1 --> C:\DOCUME~1\marie\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe /uninstall

HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}

Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}

LM 2.5 --> C:\Program Files\LM Version-2.5-F\Désintallation de la Lanterne Magique.exe

Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}

Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB904706) -->

Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905495) --> "C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914798) -->

Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB835409) --> "C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}

Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X

Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}

Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}

Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}

OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

OpenOffice.org 2.4 --> MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}

SLD Codec Pack --> C:\Program Files\SLD Codec Pack\uninstall.exe

SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly

SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

VideoEgg Publisher --> C:\Documents and Settings\marie\Application Data\VideoEgg\Uninstall.exe

VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe

VirusKeeper 2008 Pro Evaluation --> "C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\unins000.exe"

Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

-- Application Event Log -------------------------------------------------------

Event Record #/Type8250 / Success

Event Submitted/Written: 07/08/2008 00:28:51 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8246 / Warning

Event Submitted/Written: 07/08/2008 00:22:53 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x800706BA

Event Record #/Type8245 / Warning

Event Submitted/Written: 07/08/2008 00:22:53 PM

Event ID/Source: 1001 / MsiInstaller

Event Description:

Échec de détection du produit '{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}', fonctionnalité 'Complete' lors de la demande du composant '{30466A58-8174-4ED4-9171-A4D739E84E3A}'

Event Record #/Type8244 / Warning

Event Submitted/Written: 07/08/2008 00:22:53 PM

Event ID/Source: 1004 / MsiInstaller

Event Description:

Échec de détection du produit '{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}', fonctionnalité 'Complete', composant '{92D0FADC-13B9-416D-9A79-CAE7FF75EFF6}. La ressource 'C:\Program Files\Fichiers communs\Symantec Shared\Help\CCLGVIEW.CHM' n'existe pas

Event Record #/Type8242 / Warning

Event Submitted/Written: 07/08/2008 00:22:52 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x800706BA

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type23376 / Error

Event Submitted/Written: 07/08/2008 00:37:36 PM

Event ID/Source: 7000 / Service Control Manager

Event Description: