Antimalware Doctor à encore frappé

[kartatus]

Voici pour RSIT :

 

log>

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Wax at 2010-09-19 13:15:56

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 42 GB (35%) free of 119 GB

Total RAM: 3070 MB (61% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Norton Internet Security - Analyse système complète - Wax.job

C:\Windows\tasks\User_Feed_Synchronization-{2F7F9071-6C2F-4DB7-BBC4-18DBBB8412DE}.job

C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-09-11 180224]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"jaogu"=C:\Users\Wax\jaogu.exe /h []

"Metropolis"=C:\Users\Wax\AppData\Local\Temp\sshnas21.dll,GetHandle []

"ASH24SXZ9S"=C:\Users\Wax\AppData\Local\Temp\Kj3.exe []

"xfhuk"=C:\Users\Wax\xfhuk.exe /g []

"buoen"=C:\Users\Wax\buoen.exe /t []

"muapiv"=C:\Users\Wax\muapiv.exe /d []

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

"weamug"=C:\Users\Wax\weamug.exe /i []

"teioq"=C:\Users\Wax\teioq.exe /V []

"viiquis"=C:\Users\Wax\viiquis.exe /f []

"fotox"=C:\Users\Wax\fotox.exe /b []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-04-10 413696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]

C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]

C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

\HWSetup.exe hwSetUP []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]

NDSTray.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]

C:\Users\Wax\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe [2010-02-08 184320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]

C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

TOSCDSPD.EXE []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]

C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Camera Monitor SD.lnk]

C:\PROGRA~1\PIXELA\EVERIO~1\MBCAME~1.EXE [2009-08-06 541976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FirePod Control Panel.lnk]

C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2010-09-17 19:01:27 ----SD---- C:\kartatus

2010-09-17 19:01:19 ----D---- C:\Qoobox

2010-09-17 19:01:06 ----A---- C:\Windows\SWXCACLS.exe

2010-09-17 18:52:23 ----D---- C:\Windows\temp

2010-09-17 11:53:21 ----D---- C:\_OTM

2010-09-15 15:05:34 ----A---- C:\Windows\zip.exe

2010-09-15 15:05:34 ----A---- C:\Windows\SWSC.exe

2010-09-15 15:05:34 ----A---- C:\Windows\SWREG.exe

2010-09-15 15:05:34 ----A---- C:\Windows\sed.exe

2010-09-15 15:05:34 ----A---- C:\Windows\PEV.exe

2010-09-15 15:05:34 ----A---- C:\Windows\NIRCMD.exe

2010-09-15 15:05:34 ----A---- C:\Windows\MBR.exe

2010-09-15 15:05:34 ----A---- C:\Windows\grep.exe

2010-09-15 15:05:20 ----D---- C:\Windows\ERDNT

2010-09-14 22:41:26 ----A---- C:\Windows\system32\usp10.dll

2010-09-14 22:41:23 ----A---- C:\Windows\system32\spoolsv.exe

2010-09-14 22:41:20 ----A---- C:\Windows\system32\MP4SDECD.DLL

2010-09-14 22:41:14 ----A---- C:\Windows\system32\inetcomm.dll

2010-09-12 13:52:33 ----D---- C:\Program Files\trend micro

2010-09-12 13:52:32 ----D---- C:\rsit

2010-09-12 13:02:46 ----A---- C:\TDSSKiller.2.4.2.1_12.09.2010_13.02.46_log.txt

2010-09-07 19:17:04 ----A---- C:\Windows\system32\drivers\mbamcatchme.sys

2010-09-05 21:55:53 ----D---- C:\Program Files\PokerStars.FR

2010-09-04 01:14:51 ----D---- C:\Program Files\Winamax Poker

2010-08-22 14:39:12 ----A---- C:\Windows\system32\sqlite3_mod_rtree.dll

2010-08-22 14:39:12 ----A---- C:\Windows\system32\sqlite3_mod_impexp.dll

2010-08-22 14:39:11 ----A---- C:\Windows\system32\sqlite3_mod_fts3.dll

2010-08-22 14:39:11 ----A---- C:\Windows\system32\sqlite3_mod_extfunc.dll

2010-08-22 14:39:11 ----A---- C:\Windows\system32\sqlite3_mod_blobtoxy.dll

2010-08-22 14:39:11 ----A---- C:\Windows\ODBCINST.INI

2010-08-22 14:39:11 ----A---- C:\Windows\ODBC.INI

2010-08-20 03:10:17 ----D---- C:\Program Files\PostgreSQL

2010-08-20 03:03:56 ----D---- C:\Program Files\PokerTracker 3

 

======List of files/folders modified in the last 1 months======

 

2010-09-19 13:15:57 ----D---- C:\Windows\Prefetch

2010-09-19 07:02:16 ----SHD---- C:\System Volume Information

2010-09-18 15:51:41 ----D---- C:\Windows\system32\drivers

2010-09-18 15:43:39 ----D---- C:\Windows\Minidump

2010-09-18 15:43:31 ----D---- C:\Windows

2010-09-17 19:03:52 ----A---- C:\Windows\ntbtlog.txt

2010-09-17 19:03:50 ----D---- C:\Windows\System32

2010-09-17 18:50:14 ----D---- C:\Windows\AppPatch

2010-09-17 18:50:13 ----D---- C:\Program Files\Common Files

2010-09-17 18:38:11 ----SHD---- C:\$Recycle.Bin

2010-09-17 18:23:32 ----D---- C:\Windows\system32\drivers\etc

2010-09-17 18:23:10 ----RD---- C:\Program Files

2010-09-17 18:23:08 ----D---- C:\Windows\Tasks

2010-09-17 18:04:18 ----D---- C:\Windows\system32\Tasks

2010-09-17 14:20:51 ----D---- C:\Program Files\Mozilla Firefox

2010-09-15 17:37:18 ----D---- C:\Windows\system32\catroot2

2010-09-15 14:53:49 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-09-15 14:53:48 ----D---- C:\Windows\inf

2010-09-15 13:13:31 ----D---- C:\Windows\winsxs

2010-09-15 12:57:42 ----SHD---- C:\Windows\Installer

2010-09-15 12:57:30 ----HD---- C:\Config.Msi

2010-09-15 12:57:28 ----D---- C:\ProgramData\Microsoft Help

2010-09-15 12:54:22 ----A---- C:\Windows\system32\mrt.exe

2010-09-15 12:54:12 ----D---- C:\Windows\system32\catroot

2010-09-15 12:54:06 ----D---- C:\Program Files\Windows Mail

2010-09-12 12:12:38 ----D---- C:\Program Files\Microsoft Silverlight

2010-09-08 16:18:32 ----D---- C:\Users\Wax\AppData\Roaming\vlc

2010-09-08 15:54:52 ----D---- C:\Users\Wax\AppData\Roaming\gtk-2.0

2010-09-08 09:11:17 ----D---- C:\Windows\system

2010-09-07 22:20:05 ----RSD---- C:\Windows\Fonts

2010-09-07 20:18:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-09-07 17:55:47 ----D---- C:\Users\Wax\AppData\Roaming\BitTorrent

2010-08-30 22:55:47 ----D---- C:\Users\Wax\AppData\Roaming\dvdcss

2010-08-20 18:41:32 ----D---- C:\Program Files\Common Files\Adobe AIR

2010-08-20 03:11:41 ----RD---- C:\Users

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456]

R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 285184]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 100368]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-15 5068800]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-07-29 172032]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]

R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]

R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]

R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]

S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]

S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]

S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]

S3 catchme;catchme; \??\C:\Users\Wax\AppData\Local\Temp\catchme.sys []

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-09-01 14336]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 NETw3v32;Pilote de carte Intel® PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-19 2225664]

S3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-26 2216448]

S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]

S3 OXYGEN;Service for M-Audio Oxygen; C:\Windows\system32\DRIVERS\MAudioOxygen.sys [2010-03-04 112136]

S3 pae_1394;pae_1394; C:\Windows\System32\Drivers\pae_1394.sys [2007-10-09 123440]

S3 pae_avs;pae_avs; C:\Windows\System32\Drivers\pae_avs.sys [2007-10-09 51248]

S3 Saffire;Saffire; C:\Windows\System32\Drivers\Saffire.sys [2009-05-29 121344]

S3 SaffireAudio;Saffire Audio; C:\Windows\system32\drivers\SaffireAudio.sys [2009-05-29 21504]

S3 SaffireMidi;Saffire MIDI; C:\Windows\system32\drivers\SaffireMidi.sys [2009-05-29 27008]

S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]

S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []

S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]

S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]

S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]

S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-14 172032]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 OxygenAudioDevMon;Oxygen Audio Device Monitor; C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe [2010-03-04 1632776]

R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2007-06-29 53248]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 77824]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

 

-----------------EOF-----------------

 

 

et info >

info.txt logfile of random's system information tool 1.08 2010-09-12 13:53:06

 

======Uninstall list======

 

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x40c

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin

Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}

Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}

Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}

ALCATEL PC Suite V6.3.18-->"C:\Program Files\ALCATEL PC Suite\unins000.exe"

ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE

Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}

Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}

Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}

Assistant de connexion Windows Live ID-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

BitTorrent-->C:\Program Files\BitTorrent\uninst.exe

Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x040c

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Configuration DivX-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com

Dealio Toolbar v4.0.2-->MsiExec.exe /X{C878CD69-85DB-426B-81A3-E71175AAEB91}

Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}

Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9

DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x40c

EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe

Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}

Everio MediaBrowser-->"C:\Program Files\InstallShield Installation Information\{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}\setup.exe" -runfromtemp -l0x040cUNINSTALL -removeonly

Finale 2009-->C:\Program Files\Finale 2009\uninstallFinale.exe

Focusrite Plug-in Suite 1.0.3-->"C:\Program Files\Focusrite\Focusrite Plug-in Suite\unins000.exe"

Free Mp3 Wma Converter V 1.9-->"C:\Program Files\Free Audio Pack\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

GNU Solfege 3.10.3-->"C:\Program Files\GNU Solfege\unins000.exe"

Guitar Pro 6-->"C:\Program Files\Guitar Pro 6\unins000.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Officejet Pro K5300/5400 Series-->C:\Program Files\HP\Digital Imaging\{AD277ED4-7E41-4074-911D-D34AF41B9D49}\setup\hpzscr01.exe -datfile hpwscr06.dat

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Intel PROSet Wireless-->Intel PROSet Wireless

Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe

Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf

Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG

Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x040c -removeonly

Live 8.0.3-->C:\PROGRA~1\Ableton\LIVE80~1.3\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE80~1.3\Install\INSTALL.LOG

Logiciel Intel® PROSet/Wireless WiFi-->MsiExec.exe /I{72EEB695-388B-4835-8EA6-0C04545B06B9}

Ma-Config.com-->MsiExec.exe /X{494952B3-AA5A-486C-8495-6BF830962747}

Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

M-Audio Oxygen Driver 1.2.1 (x86)-->MsiExec.exe /X{80D3F817-2D33-4643-B900-64AE2C0C4745}

MFCDLL Shared Library - Retail Version-->MsiExec.exe /I{51D569E2-8A28-11D2-B962-006097C4DE24}

Microsoft ® C Runtime Library-->MsiExec.exe /I{51D569E0-8A28-11D2-B962-006097C4DE24}

Microsoft ® C++ Runtime Library-->MsiExec.exe /I{51D569E3-8A28-11D2-B962-006097C4DE24}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}

Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Module linguistique Microsoft .NET Framework 4 Client Profile FRA-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP

Mozilla Firefox (3.6.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 3.0-->MsiExec.exe /I{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

OpenOffice.org 3.2-->MsiExec.exe /I{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PokerStars.fr-->"C:\Program Files\PokerStars.FR\PokerStarsUninstall.exe" /u:PokerStars.fr

PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Reason 4.0.1-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"

Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x40c

Saffire MixControl 1.5-->"C:\Program Files\Focusrite\Saffire MixControl\unins000.exe"

Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}

Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb

Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb

SMAC 2.7-->C:\PROGRA~2\KLC\SMAC\UNWISE.EXE C:\PROGRA~2\KLC\SMAC\INSTALL.LOG

Steinberg Cubase 5-->MsiExec.exe /I{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}

Steinberg Drum Loop Expansion 01-->MsiExec.exe /I{490BF87E-1F75-4453-BF55-9F540543A3CA}

Steinberg Groove Agent ONE Content-->MsiExec.exe /I{BD86F1AC-B594-46E4-85DC-1258AC9E2232}

Steinberg HALionOne Additional Content Set 01-->MsiExec.exe /I{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}

Steinberg HALionOne Expression Set-->MsiExec.exe /I{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}

Steinberg HALionOne GM Drum Set-->MsiExec.exe /I{AC997F93-0757-4ED4-A701-F40C2D654D09}

Steinberg HALionOne GM Set-->MsiExec.exe /I{F057965A-D974-4C64-ADB1-4381CD4B8956}

Steinberg HALionOne Pro Set-->MsiExec.exe /I{D82CDA0D-C182-42C8-8FF2-5649C98D6003}

Steinberg HALionOne Studio Drum Set-->MsiExec.exe /I{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}

Steinberg HALionOne Studio Set-->MsiExec.exe /I{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}

Steinberg HALionOne-->MsiExec.exe /I{E70E7159-93B1-470D-9FBD-D8E9EF34B538}

Steinberg LoopMash Content-->MsiExec.exe /I{4D454CF8-12FD-464D-B57B-B46FE27B78BB}

Steinberg REVerence Content 01-->MsiExec.exe /I{532B917B-8235-4FA5-BE36-643A8BB053A5}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x040c

TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x40c

TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x040c uninstall

TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}

TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x040c -ADDREMOVE -removeonly

TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x040c

TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}

TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036

TOSHIBA Mot de passe responsable-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036

Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x040c -removeonly

TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}

TOSHIBA Software Modem-->Tosmreg -U

TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x040c

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

Video Download Capture V2.3.6-->"C:\Program Files\Apowersoft\Video Download Capture\unins000.exe"

VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"

VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamax Poker-->msiexec /qb /x {B191EEB9-AEA3-5D54-6645-47B57A6539BC}

Winamax Poker-->MsiExec.exe /I{B191EEB9-AEA3-5D54-6645-47B57A6539BC}

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

 

======Security center information======

 

AS: Windows Defender

 

======System event log======

 

Computer Name: PC-de-Wax

Event Code: 8003

Message: Le maître explorateur a reçu une annonce de serveur de l'ordinateur PC-DE-JMFC qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{3E2D6953-15E4-44A0-A445-C41039F. Le maître explorateur s'arrête ou une élection est provoquée.

Record Number: 164304

Source Name: bowser

Time Written: 20100309214335.050055-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 7000

Message: Le service TOSHIBA Bluetooth Service n'a pas pu démarrer en raison de l'erreur :

Le fichier spécifié est introuvable.

Record Number: 164246

Source Name: Service Control Manager

Time Written: 20100309155500.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 7000

Message: Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur :

Le chemin d'accès spécifié est introuvable.

Record Number: 164230

Source Name: Service Control Manager

Time Written: 20100309155500.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 7000

Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur :

Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

Record Number: 164221

Source Name: Service Control Manager

Time Written: 20100309155500.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 1

Message: Realtek PCIe FE Family Controller is disconnected from network.

Record Number: 164171

Source Name: RTL8169

Time Written: 20100309155354.462089-000

Event Type: Avertissement

User:

 

=====Application event log=====

 

Computer Name: PC-de-Wax

Event Code: 100

Message:

Record Number: 138496

Source Name: Bonjour Service

Time Written: 20100508124518.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 100

Message:

Record Number: 138495

Source Name: Bonjour Service

Time Written: 20100508124518.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 100

Message:

Record Number: 138494

Source Name: Bonjour Service

Time Written: 20100508124518.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 100

Message:

Record Number: 138493

Source Name: Bonjour Service

Time Written: 20100508124517.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Wax

Event Code: 100

Message:

Record Number: 138492

Source Name: Bonjour Service

Time Written: 20100508124517.000000-000

Event Type: Erreur

User:

 

=====Security event log=====

 

Computer Name: PC-de-Wax

Event Code: 1100

Message: Le service d’enregistrement des événements a été arrêté.

Record Number: 35957

Source Name: Microsoft-Windows-Eventlog

Time Written: 20100109151145.805000-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Wax

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

 

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 35956

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100109151143.594000-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Wax

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-WAX$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Type d’ouverture de session : 5

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x2f4

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Nom de la station de travail :

Adresse du réseau source : -

Port source : -

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : Advapi

Package d’authentification : Negotiate

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 35955

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100109151143.594000-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Wax

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-WAX$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

 

Informations sur le processus :

ID du processus : 0x2f4

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Adresse du réseau : -

Port : -

 

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 35954

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100109151143.594000-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Wax

Event Code: 4647

Message: Fermeture de session initiée par l’utilisateur :

 

Sujet :

ID de sécurité : S-1-5-21-765559920-3715957557-1591802578-1000

Nom du compte : Wax

Domaine du compte : PC-de-Wax

ID d’ouverture de session : 0x43ce5

 

Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.

Record Number: 35953

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100109151142.278000-000

Event Type: Succès de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"asl.log"=Destination=file;OnFirstLog=command,environment

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

 

-----------------EOF-----------------

[kartatus]

Alors je n'arrive pas à faire le scan de GMER. Il scan pendant 4min et après il cesse de fonctionner soudainement, alors que rien ne se passe. A mon deuxième essai, l'ordi a planter (écran bleu avec écriture noir, et j'ai vu un nom de fichier qui peut peut etre t'aider : kwldrpob.sys). Mon ordi s'est rallumé, et j'ai recommencé au démarrage, même chose.

Du coup, je sais pas si tu as une solution... Je recommence ?

[Thanos]

Laisse tomber le scan GMER: on retentera après ceci:

 

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc). (un d'eux porte la lettre G:\)

 

 

• Fais un clic droit sur OTM.exe pour lancer l'exécution de l'outil puis choisis Exécuter en tant qu'administrateur.
  
• Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
  

  :first
  
  :processes
  explorer.exe
  
  :files
  C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
  C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
  C:\Users\Wax\xaagut.exe 
  C:\Users\Wax\sbmgr.exe
  C:\Windows\SWXCACLS.exe
  C:\Windows\zip.exe
  C:\Windows\SWSC.exe
  C:\Windows\SWREG.exe
  C:\Windows\sed.exe
  C:\Windows\PEV.exe
  C:\Windows\NIRCMD.exe
  C:\Windows\MBR.exe
  C:\Windows\grep.exe
  G:\xaagut.exe
  G:\xaagutx.exe
  
  :folders
  C:\Qoobox
  
  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "jaogu"=-
  "Metropolis"=-
  "ASH24SXZ9S"=-
  "xfhuk"=-
  "buoen"=-
  "muapiv"=-
  "weamug"=-
  "teioq"=-
  "viiquis"=-
  "fotox"=-
  
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
  
  :commands
  [emptytemp]
  [start explorer]
  [zipfiles]

  
  

• Retourne dans la fenêtre de OTMoveIt3, fais un clic droit dans la zone de gauche intitulée "Paste Instructions for Items to be Moved" puis choisis Coller.
  
• Clique sur le bouton rouge MoveIt!
  
• Ferme OTM
  
• Poste dans ta prochaine réponse le rapport de OTM (contenu du fichier C:\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

[kartatus]

Voici le rapport. Je retente GMER maintenant ?

All processes killed

Error: Unable to interpret <:first> in the current context!

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.

C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.

File/Folder C:\Users\Wax\xaagut.exe not found.

File/Folder C:\Users\Wax\sbmgr.exe not found.

C:\Windows\SWXCACLS.exe moved successfully.

C:\Windows\zip.exe moved successfully.

C:\Windows\SWSC.exe moved successfully.

C:\Windows\SWREG.exe moved successfully.

C:\Windows\sed.exe moved successfully.

C:\Windows\PEV.exe moved successfully.

C:\Windows\NIRCMD.exe moved successfully.

C:\Windows\MBR.exe moved successfully.

C:\Windows\grep.exe moved successfully.

File/Folder G:\xaagut.exe not found.

File/Folder G:\xaagutx.exe not found.

Error: Unable to interpret <:folders> in the current context!

Error: Unable to interpret <C:\Qoobox> in the current context!

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jaogu deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASH24SXZ9S deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xfhuk deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\buoen deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\muapiv deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\weamug deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\teioq deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\viiquis deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fotox deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Wax

->Temp folder emptied: 53152190 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 53009987 bytes

->Flash cache emptied: 828 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 298068 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 102,00 mb

 

 

OTM by OldTimer - Version 3.1.16.1 log created on 09192010_142635

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

[Thanos]

Oui retente stp.

N'oublie pas de fermer les fenêtres de navigateur ouvertes et tout autre programme ouvert car le scan peut faire planter le pc. Désactive aussi l'antivirus temporairement (redémarre le après scan).

Pour lancer le programme, fais un clic droit sur GMER.exe puis choisis Exécuter en tant qu'administrateur.

[kartatus]

Ok, c'est bon (par contre je me demandais... je ne dois pas cocher les cases des disques E:\ et G:\ ??. Comme elles ne sont pas cocher à la base, je me suis dis que non, mais j'ai peut être tord ?)

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-19 16:36:40

Windows 6.0.6002 Service Pack 2

Running: nh9goyjc.exe; Driver: C:\Users\Wax\AppData\Local\Temp\kwldrpob.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 8CCD42AC ZwCreateThread

SSDT 8CCD4298 ZwOpenProcess

SSDT 8CCD429D ZwOpenThread

SSDT 8CCD42A7 ZwTerminateProcess

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 221 824AE984 4 Bytes [AC, 42, CD, 8C] {LODSB ; INC EDX; INT 0x8c}

.text ntkrnlpa.exe!KeSetEvent + 3F1 824AEB54 4 Bytes [98, 42, CD, 8C] {CWDE ; INC EDX; INT 0x8c}

.text ntkrnlpa.exe!KeSetEvent + 40D 824AEB70 4 Bytes [9D, 42, CD, 8C] {POPF ; INC EDX; INT 0x8c}

.text ntkrnlpa.exe!KeSetEvent + 621 824AED84 4 Bytes [A7, 42, CD, 8C] {CMPSD ; INC EDX; INT 0x8c}

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD5D000, 0x4036D, 0xE8000020]

.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8ADA6000, 0x510, 0x40000040]

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA05000, 0x2D14E8, 0xE8000020]

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7389F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7389E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [738D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [738ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7389FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7389FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7392CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [738CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7389D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73896853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7389687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----

[Thanos]

ouf!! le dernier rapport ne montre plus de fichiers infectés

par contre je me demandais... je ne dois pas cocher les cases des disques E:\ et G:\ ??. Comme elles ne sont pas cocher à la base, je me suis dis que non, mais j'ai peut être tord ?

non c'est bon: le lecteur système seul nous intéresse.

 

Comment se comporte le pc à présent ?

[kartatus]

Bonjour,

 

Alors mon pc à l'air de se comporter à peu près normalement, mis à part certaines dernières petites choses :

-mon défilement d'écran avec ma souris tactile ne marche plus

-mon antivirus et autres logiciels qui se mettent normalement à jour seuls ne veulent plus se mettre à jour, même quand c'est moi qui lance le processus.

- il y a toujours des programmes de démarrages bloqués par Windows.

 

Je peux donc branché mes nouvelles machine à travers mes ports usb sans avoir peur de l'infecté ?

 

Si tu as des solutions pour le reste, je suis preneur !!

 

Merci beaucoup en tout cas pour tout le travail que tu as fait !!

[Thanos]

- il y a toujours des programmes de démarrages bloqués par Windows.

de quels programmes s'agit-il ?

[kartatus]

Je n'arrive pas trop à voir. Mais j'ai désactivé windows defender, comme je donne la tâche de "protection contre les logiciels espions et autres programmes malveillants" à Avira. donc ça va peut etre resoudre... je te redis.

Mais pour le reste, tu as des idées ?