I managed to run a scan with ComboFix using the first address you sent me, so here is what I got after the scan.
Two texts.
The first:
Deckard's System Scanner v20071014.68
Run by Cyber@ction on 2008-02-25 20:44:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-02-26 01:44:18 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-02-21 23:41:48 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 255 MiB (512 MiB recommended).
-- HijackThis (run as Cyber@ction.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:52, on 2008-02-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Documents and Settings\Cyber@ction\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Cyber@ction.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B8323A7-A7D5-4B07-9EDA-9487BD91F0F5} - C:\WINDOWS\system32\oppqn.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {28b0417f-e94e-0eeb-d054-bc98efc477a6} - {6a774cfe-89cb-450d-bee0-e49ef7140b82} - C:\WINDOWS\system32\hudvbugt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [604d580e] rundll32.exe "C:\WINDOWS\system32\hqjfxepk.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: xxyxvus - xxyxvus.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 4448 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080208-143457-828 O24 - Desktop Component 0: (no name) -
backup-20080208-143457-927 O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S3 catchme - c:\docume~1\cyber@~1\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys <Not Verified; Efficient Networks, Inc.; Speedstream Ethernet USB Adapter>
S3 jfdcd - c:\docume~1\cyber@~1\locals~1\temp\jfdcd.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 W8335XP (IEEE 802.11g Wireless Cardbus/PCI Adapter HW51) - c:\windows\system32\drivers\mrv8000c.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
S3 ZSMC0305 (VIMICRO USB PC Camera V) - c:\windows\system32\drivers\usbvm305.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 McAfeeFramework (Service Framework McAfee) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 QCONSVC - system32\qconsvc.exe
S4 PLSRemoteSvc (PLSRemote Service) - c:\windows\system32\plsremote.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_05221014&REV_81\4&39A85202&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_05221014&REV_81\4&39A85202&0&40F0
Service: E100B
-- Scheduled Tasks -------------------------------------------------------------
2008-01-16 00:04:28 460 --a------ C:\WINDOWS\Tasks\BMMTask.job
-- Files created between 2008-01-25 and 2008-02-25 -----------------------------
2008-02-22 13:45:18 127008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-22 11:13:20 0 d-------- C:\VundoFix Backups
2008-02-21 17:04:32 0 dr-h----- C:\Documents and Settings\Cyber@ction\Recent
2008-02-07 21:28:12 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-07 21:27:38 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-07 21:26:51 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-02-07 21:23:56 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-07 21:22:57 0 d-------- C:\WINDOWS\Internet Logs
2008-02-07 20:32:50 0 d-------- C:\WINDOWS\ERUNT
2008-02-07 17:55:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 17:37:46 0 d-------- C:\Program Files\Trend Micro
2008-02-07 16:30:33 0 d-------- C:\WINDOWS\system32\fr-fr
2008-02-07 14:01:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-30 14:24:11 0 d-------- C:\Documents and Settings\All Users\Bureau
2008-01-30 12:09:28 0 d-------- C:\WINDOWS\system32\save$$updater
2008-01-29 23:02:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-29 23:02:12 0 d-------- C:\Documents and Settings\Cyber@ction\Application Data\PrevxCSI
2008-01-28 19:16:16 17794 --a------ C:\WINDOWS\War3Unin.dat
2008-01-28 19:16:10 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-01-28 19:16:10 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-01-28 18:25:48 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-01-28 18:25:45 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-01-28 18:25:44 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
-- Find3M Report ---------------------------------------------------------------
2008-02-09 18:14:29 0 d-------- C:\Program Files\Fichiers communs
2008-02-09 11:21:31 448428 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-09 11:21:31 64930 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-09 10:45:24 0 d-------- C:\Program Files\Azureus
2008-02-06 14:06:32 0 d-------- C:\Program Files\MSN Messenger
2008-01-31 13:37:11 4963 --a------ C:\WINDOWS\mozver.dat
2008-01-30 18:12:59 0 d-------- C:\Program Files\Steam
2008-01-28 21:01:22 0 d-------- C:\Program Files\Warcraft III
2008-01-24 13:20:06 0 d-------- C:\Program Files\CCleaner
2008-01-23 10:54:18 0 d-------- C:\Program Files\Starcraft
2008-01-23 10:51:30 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-01-23 10:48:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-21 20:46:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-16 12:41:47 0 d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-16 00:05:19 0 d-------- C:\Documents and Settings\Cyber@ction\Application Data\Azureus
2008-01-14 16:28:43 0 d-------- C:\Program Files\Windows Media Connect 2
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B8323A7-A7D5-4B07-9EDA-9487BD91F0F5}]
C:\WINDOWS\system32\oppqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a774cfe-89cb-450d-bee0-e49ef7140b82}]
C:\WINDOWS\system32\hudvbugt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TP4EX"="tp4ex.exe" [2002-09-03 18:05 C:\WINDOWS\system32\TP4EX.exe]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 15:32 C:\WINDOWS\system32\S3Tray2.exe]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-10-31 18:31]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 12:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\irprops.cpl]
"StandardInstall"="" []
"604d580e"="C:\WINDOWS\system32\hqjfxepk.dll" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvus]
xxyxvus.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\oppqn
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-02-25 20:47:24 ------------
And then the second:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Pentium(R) M processor 1300MHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 254.92 MiB / 78.83 MiB
Pagefile Memory (total/avail): 625.11 MiB / 409 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.42 MiB
C: is Fixed (NTFS) - 34.28 GiB total, 20.2 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC25N040ATCS04-0 - 34.28 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 34.28 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Cyber@ction\Application Data
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=DEADPOOL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Cyber@ction
LOGONSERVER=\\DEADPOOL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\GTK\2.0\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CYBER@~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CYBER@~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=DEADPOOL
USERNAME=Cyber@ction
USERPROFILE=C:\Documents and Settings\Cyber@ction
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Cyber@ction (admin)
Administrateur (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Access IBM Message Center --> MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools --> C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Agere Systems AC'97 Modem --> agrsmdel
alm --> MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Assistant IBM ThinkPad UltraNav --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE"
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Condition Zero Deleted Scenes --> "C:\Program Files\Steam\steam.exe" steam://uninstall/100
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Efficient Networks SpeedStream DSL --> C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
EMEA Wallpaper --> MsiExec.exe /I{8745DEAB-1126-42F5-9585-C66D5497B47B}
Fonction d'accessibilité du dispositif IBM TrackPoint --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Gestionnaire de présentation IBM ThinkPad --> C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
GTK+ 2.4.3 runtime environment --> "C:\Program Files\Fichiers communs\GTK\2.0\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBM Access Connections --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x40c anything
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Rapid Restore PC Setup --> MsiExec.exe /X{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad EasyEject --> C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
McAfee VirusScan Enterprise --> MsiExec.exe /I{43D1F052-544F-468E-9944-3791243FF672}
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
Optimiseur de batterie et gestion de l'alimentation du ThinkPad --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
Programme d'installation de logiciels ThinkPad --> _tpiu000.exe /U
Programme de configuration IBM ThinkPad --> C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
Utilitaire de personnalisation du clavier IBM ThinkPad --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x40c anything
Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type6069 / Warning
Event Submitted/Written: 02/21/2008 05:06:35 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
La connexion au serveur est impossible. Erreur : 0x8007043C
Event Record #/Type6068 / Warning
Event Submitted/Written: 02/21/2008 05:06:07 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
La connexion au serveur est impossible. Erreur : 0x8007043C
Event Record #/Type6050 / Error
Event Submitted/Written: 02/11/2008 02:33:57 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Détecteur d'erreurs 126637809.
Event Record #/Type6049 / Error
Event Submitted/Written: 02/11/2008 02:33:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée iexplore.exe, version 6.0.2900.2180, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type6038 / Error
Event Submitted/Written: 02/09/2008 06:12:51 PM
Event ID/Source: 11705 / MsiInstaller
Event Description:
Produit : SPYWAREfighter -- Erreur 1705. Une installation de ce produit est déjà en cours. Vous devez annuler les modifications apportées par cette installation pour continuer. Voulez-vous annuler les modifications ?
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type32981 / Error
Event Submitted/Written: 02/25/2008 08:32:44 PM
Event ID/Source: 10021 / DCOM
Event Description:
Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.
Event Record #/Type32980 / Error
Event Submitted/Written: 02/25/2008 08:32:44 PM
Event ID/Source: 10021 / DCOM
Event Description:
Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.
Event Record #/Type32979 / Error
Event Submitted/Written: 02/25/2008 08:32:44 PM
Event ID/Source: 10021 / DCOM
Event Description:
Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.
Event Record #/Type32975 / Error
Event Submitted/Written: 02/25/2008 08:31:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type32974 / Error
Event Submitted/Written: 02/25/2008 08:27:54 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
AFD
Fips
IBMTPCHK
intelppm
IPSec
KLIF
MRxSmb
NetBIOS
NetBT
prodrv06
RasAcd
Rdbss
Smapint
Tcpip
TDSMAPI
TPHKDRV
TPPWR
TSMAPIP
vsdatant
-- End of Deckard's System Scanner: finished at 2008-02-25 20:47:24 ------------