kartatus

Euh j'ai copié le code que tu m'as écris, j'espère qu'il était déjà fini d'édité. All processes killed Error: Unable to interpret <:first> in the current context! ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== File/Folder C:\Users\Wax\teioq.exe not found. C:\Users\Wax\AppData\Local\Temp\Kj9.exe moved successfully. C:\Users\Wax\AppData\Local\Temp\Kke.exe moved successfully. C:\Users\Wax\AppData\Local\Temp\Kkg.exe moved successfully. C:\Users\Wax\AppData\Local\Temp\Kj1.exe moved successfully. File/Folder C:\Users\Wax\xaagut.exe not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348FE907-249E-4C65-A838-F34A193FE1D1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\@teioq not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tooamoq deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yaoujab deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\teapuy deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qeakie deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\boeofe deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YXE7DXCQ37 not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xaagut deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnvqmrmv\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\juuez\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpodmuxx\ deleted successfully. Registry key KEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\luaeru\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvvoew\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediafix70700en02.exe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nzyit\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tooamoq\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wax\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56504 bytes User: Public User: Wax ->Temp folder emptied: 11860851 bytes ->Temporary Internet Files folder emptied: 3161671 bytes ->Java cache emptied: 2267831 bytes ->FireFox cache emptied: 54854405 bytes ->Flash cache emptied: 60670 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 35237056 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 89068 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 103,00 mb OTM by OldTimer - Version 3.1.16.1 log created on 09172010_115321 Files moved on Reboot... C:\Users\Wax\AppData\Local\Temp\sshnas21.dll moved successfully. Registry entries deleted on Reboot... C'est bon ? Euh sinon il y a toujours sbmgr.exe qui veut s'executer et qui fait une ":error" lorsque je refuse.

Ok, désolé : KJ9.exe Antivirus Version Last Update Result AhnLab-V3 2010.09.17.00 2010.09.16 - AntiVir 8.2.4.52 2010.09.16 - Antiy-AVL 2.0.3.7 2010.09.16 - Authentium 5.2.0.5 2010.09.16 W32/Renos.A!Generic Avast 4.8.1351.0 2010.09.16 Win32:Dropper-gen Avast5 5.0.594.0 2010.09.16 Win32:Dropper-gen AVG 9.0.0.851 2010.09.16 Generic19.PVB BitDefender 7.2 2010.09.17 Trojan.Generic.KDV.37586 CAT-QuickHeal 11.00 2010.09.16 Win32.Packed.Katusha.n.5 ClamAV 0.96.2.0-git 2010.09.16 - Comodo 6101 2010.09.16 - DrWeb 5.0.2.03300 2010.09.17 Trojan.Packed.189 Emsisoft 5.0.0.37 2010.09.17 Packed.Win32.Katusha.n!A2 eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7860 2010.09.16 Win32/Renos.D!generic F-Prot 4.6.1.107 2010.09.16 W32/Renos.A!Generic F-Secure 9.0.15370.0 2010.09.17 Trojan.Generic.KDV.37586 Fortinet 4.1.143.0 2010.09.16 W32/CodecPack.fam!tr.dldr GData 21 2010.09.17 Trojan.Generic.KDV.37586 Ikarus T3.1.1.88.0 2010.09.16 - Jiangmin 13.0.900 2010.09.16 - K7AntiVirus 9.63.2533 2010.09.16 Virus Kaspersky 7.0.0.125 2010.09.17 Packed.Win32.Katusha.n McAfee 5.400.0.1158 2010.09.16 Downloader-CEW.b McAfee-GW-Edition 2010.1C 2010.09.16 Heuristic.BehavesLike.Win32.Suspicious.H Microsoft 1.6201 2010.09.17 TrojanDownloader:Win32/Renos.LX NOD32 5456 2010.09.16 a variant of Win32/Kryptik.GUA Norman 6.06.06 2010.09.16 - nProtect 2010-09-16.02 2010.09.16 Trojan.Generic.KDV.37586 Panda 10.0.2.7 2010.09.16 - PCTools 7.0.3.5 2010.09.16 Trojan.FakeAV Prevx 3.0 2010.09.17 - Rising 22.65.03.04 2010.09.16 - Sophos 4.57.0 2010.09.16 Mal/FakeAV-CX Sunbelt 6884 2010.09.16 VirTool.Win32.Obfuscator.hg!b (v) SUPERAntiSpyware 4.40.0.1006 2010.09.17 Trojan.Agent/Gen-Fraudera Symantec 20101.1.1.7 2010.09.17 Trojan.FakeAV!gen29 TheHacker 6.7.0.0.020 2010.09.17 - TrendMicro 9.120.0.1004 2010.09.16 TROJ_FAKEAV.SMA5 TrendMicro-HouseCall 9.120.0.1004 2010.09.17 TROJ_FAKEAV.SMA5 VBA32 3.12.14.0 2010.09.16 Malware-Cryptor.Win32.Gron.2 ViRobot 2010.8.25.4006 2010.09.16 - VirusBuster 12.65.10.0 2010.09.16 - Additional information Show all MD5 : fc9656786f2bce470cf6ff8edd22aa41 SHA1 : 866d3d097b8701a8685f498354cc3ffa5a4ff206 SHA256: 63cea531fb8324bdd5e09b18f61b4acc1a23d86d7c0c274bd11c603cfc1bed4e ssdeep: 3072:Y1zpE+Qs0BLuJmiHKF4AkD+MDgYrfgyoygdP6N01jGGe+JJNSct:2nQF4QiHGna+MTr4yo y46GjE+J File size : 184832 bytes First seen: 2010-09-17 00:18:23 Last seen : 2010-09-17 00:18:23 Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Don HO don.h@free.fr copyright....: Daniels product......: Daniels description..: Daniels original name: Daniels.exe internal name: Daniels file version.: 1.2.7.0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: - PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x3D93 timedatestamp....: 0x4A40C0C4 (Tue Jun 23 11:47:16 2009) machinetype......: 0x14C (Intel I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 CODE, 0x1000, 0x6A39, 0x6C00, 5.16, db0ef16bd197fcdfddefde2616e485c0 .rdata, 0x8000, 0x2072B, 0x20800, 7.44, 273a83dbfe0e3dc1a30044485327bd1c .data, 0x29000, 0xFA3D, 0x2C00, 4.79, 556c124a7f7a54d3a36ce01774c83946 .adata, 0x39000, 0x5B8, 0x600, 0.05, 12b467a11e981ac8096fa3f0cfd3120d .rsrc, 0x3A000, 0x2760, 0x2800, 3.53, 99c72d3e02bf9b3c9c9d6e2ceee0da28 [[ 9 import(s) ]] advapi32.dll: RegEnumKeyExA, GetLengthSid, RegOpenKeyExA comctl32.dll: ImageList_Write, ImageList_Add, ImageList_DrawEx, ImageList_Read, ImageList_DragShowNolock, ImageList_Draw, ImageList_GetBkColor, ImageList_Remove, ImageList_Destroy gdi32.dll: GetCurrentPositionEx, CreateDIBitmap, CreateCompatibleDC, GetObjectA, CreateDIBSection, CreateFontIndirectA, GetPaletteEntries, GetClipBox, CreatePenIndirect, SetBkColor kernel32.dll: SetFilePointer, ExitThread, GetModuleHandleA, lstrcmpiA, LoadLibraryA, GetProcAddress, VirtualAlloc, GetCurrentThreadId, GlobalDeleteAtom, lstrlenW, GetProcessHeap, GetDiskFreeSpaceA, CreateThread, ExitProcess, GetCommandLineA msvcrt.dll: tan, log10, abs ole32.dll: GetHGlobalFromStream, OleRegGetUserType, CoGetContextToken, CoCreateInstanceEx shlwapi.dll: SHEnumValueA, SHSetValueA, PathGetCharTypeA, SHDeleteKeyA, SHGetValueA, SHQueryValueExA, SHQueryInfoKeyA user32.dll: ShowWindow, CharLowerBuffA, GetKeyboardLayoutList, GetSysColor, GetMessagePos, GetPropA, CallNextHookEx, GetScrollRange, EnableScrollBar, MapVirtualKeyA, CreateIcon, WaitMessage, GetDesktopWindow, CallWindowProcA, SetWindowPlacement, SendMessageA, RedrawWindow, PeekMessageW, IsWindowEnabled, GetMenuItemCount, SetScrollInfo, PostQuitMessage version.dll: VerInstallFileA, VerFindFileA, GetFileVersionInfoA VT Community

Ok, le premier : Antivirus Version Last Update Result AhnLab-V3 2010.09.17.00 2010.09.16 - AntiVir 8.2.4.52 2010.09.16 - Antiy-AVL 2.0.3.7 2010.09.16 - Authentium 5.2.0.5 2010.09.16 - Avast 4.8.1351.0 2010.09.16 - Avast5 5.0.594.0 2010.09.16 - AVG 9.0.0.851 2010.09.16 SHeur3.AZWE BitDefender 7.2 2010.09.17 - CAT-QuickHeal 11.00 2010.09.16 - ClamAV 0.96.2.0-git 2010.09.16 - Comodo 6101 2010.09.16 - DrWeb 5.0.2.03300 2010.09.17 - Emsisoft 5.0.0.37 2010.09.17 - eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7860 2010.09.16 Win32/Vobfus.D!generic F-Prot 4.6.1.107 2010.09.16 - F-Secure 9.0.15370.0 2010.09.17 - Fortinet 4.1.143.0 2010.09.16 - GData 21 2010.09.17 - Ikarus T3.1.1.88.0 2010.09.16 - Jiangmin 13.0.900 2010.09.16 - K7AntiVirus 9.63.2533 2010.09.16 - Kaspersky 7.0.0.125 2010.09.16 Trojan.Win32.VBKrypt.fsc McAfee 5.400.0.1158 2010.09.16 - McAfee-GW-Edition 2010.1C 2010.09.16 - Microsoft 1.6201 2010.09.17 - NOD32 5456 2010.09.16 - Norman 6.06.06 2010.09.16 - nProtect 2010-09-16.02 2010.09.16 - Panda 10.0.2.7 2010.09.16 - PCTools 7.0.3.5 2010.09.16 - Prevx 3.0 2010.09.17 High Risk Cloaked Malware Rising 22.65.03.04 2010.09.16 - Sophos 4.57.0 2010.09.16 - Sunbelt 6884 2010.09.16 - SUPERAntiSpyware 4.40.0.1006 2010.09.17 Trojan.Agent/Gen-FakeAV Symantec 20101.1.1.7 2010.09.17 - TheHacker 6.7.0.0.020 2010.09.17 - TrendMicro 9.120.0.1004 2010.09.16 Mal_VBNA TrendMicro-HouseCall 9.120.0.1004 2010.09.17 Mal_VBNA VBA32 3.12.14.0 2010.09.16 - ViRobot 2010.8.25.4006 2010.09.16 - VirusBuster 12.65.10.0 2010.09.16 - Additional information Show all MD5 : cab1eea2c49aeec3f512e5df8e86b3a2 SHA1 : 41754d3dd8388f0739dc5042d803ecea8c41b6a7 SHA256: 4ebc54d73ac3dbc9c55e759c4e50afdfd12e1a64b7e2ceee1258d424d91cec8e ssdeep: 1536:LAutoLIq1noL9bZm6ViaEVrs9oHacTQDfqbxmuLw:sutoL7no30s9oHacgybxV File size : 135168 bytes First seen: 2010-09-17 00:15:17 Last seen : 2010-09-17 00:15:17 TrID: Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: 7.87 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x11C8 timedatestamp....: 0x4C91C998 (Thu Sep 16 07:39:04 2010) machinetype......: 0x14c (I386) [[ 3 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x1EE60, 0x1F000, 5.51, e4003e88df8971d39e05b4a0f55f044a .data, 0x20000, 0x1ED8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .rsrc, 0x22000, 0x88C, 0x1000, 1.72, c8a2c207aedd4237a7b7f34a5450a38e [[ 1 import(s) ]] MSVBVM60.DLL: -, -, -, -, MethCallEngine, -, -, -, -, -, -, -, -, -, EVENT_SINK_AddRef, -, -, -, -, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - Prevx Info: Prevx Symantec reputation:Suspicious.Insight VT Community 0 This file has never been reviewed by any VT Community member. Be the first one to comment on it! VirusTotal Team et le second : 2010/09/12 13:02:46.0720 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/12 13:02:46.0721 ================================================================================ 2010/09/12 13:02:46.0721 SystemInfo: 2010/09/12 13:02:46.0721 2010/09/12 13:02:46.0721 OS Version: 6.0.6002 ServicePack: 2.0 2010/09/12 13:02:46.0721 Product type: Workstation 2010/09/12 13:02:46.0721 ComputerName: PC-DE-WAX 2010/09/12 13:02:46.0722 UserName: Wax 2010/09/12 13:02:46.0722 Windows directory: C:\Windows 2010/09/12 13:02:46.0722 System windows directory: C:\Windows 2010/09/12 13:02:46.0722 Processor architecture: Intel x86 2010/09/12 13:02:46.0722 Number of processors: 2 2010/09/12 13:02:46.0722 Page size: 0x1000 2010/09/12 13:02:46.0722 Boot type: Normal boot 2010/09/12 13:02:46.0722 ================================================================================ 2010/09/12 13:02:50.0330 Initialize success 2010/09/12 13:03:40.0668 ================================================================================ 2010/09/12 13:03:40.0668 Scan started 2010/09/12 13:03:40.0668 Mode: Manual; 2010/09/12 13:03:40.0668 ================================================================================ 2010/09/12 13:03:41.0528 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys 2010/09/12 13:03:41.0707 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2010/09/12 13:03:41.0887 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2010/09/12 13:03:42.0259 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2010/09/12 13:03:42.0429 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2010/09/12 13:03:42.0573 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2010/09/12 13:03:42.0841 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2010/09/12 13:03:43.0051 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys 2010/09/12 13:03:43.0647 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2010/09/12 13:03:43.0817 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2010/09/12 13:03:44.0086 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2010/09/12 13:03:44.0401 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2010/09/12 13:03:44.0608 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2010/09/12 13:03:44.0806 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2010/09/12 13:03:45.0006 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2010/09/12 13:03:45.0321 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys 2010/09/12 13:03:45.0717 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2010/09/12 13:03:46.0138 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2010/09/12 13:03:46.0492 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/09/12 13:03:46.0795 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2010/09/12 13:03:46.0927 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys 2010/09/12 13:03:47.0595 AtiHdmiService (627a938ac02e8f1b348875242968fea8) C:\Windows\system32\drivers\AtiHdmi.sys 2010/09/12 13:03:48.0160 atikmdag (af1ea1ac528e796d242b0cac522291a8) C:\Windows\system32\DRIVERS\atikmdag.sys 2010/09/12 13:03:50.0594 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys 2010/09/12 13:03:50.0865 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/09/12 13:03:51.0016 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/09/12 13:03:52.0081 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys 2010/09/12 13:03:53.0198 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2010/09/12 13:03:53.0674 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2010/09/12 13:03:53.0948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2010/09/12 13:03:54.0397 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2010/09/12 13:03:54.0684 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2010/09/12 13:03:54.0954 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2010/09/12 13:03:55.0088 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2010/09/12 13:03:55.0446 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2010/09/12 13:03:55.0741 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2010/09/12 13:03:56.0211 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/09/12 13:03:56.0488 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2010/09/12 13:03:56.0774 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 2010/09/12 13:03:56.0923 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2010/09/12 13:03:57.0428 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/09/12 13:03:57.0686 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2010/09/12 13:03:57.0923 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2010/09/12 13:03:58.0249 CplIR (c3156b712e3873aad354f1696b2b2925) C:\Windows\system32\DRIVERS\CplIR.SYS 2010/09/12 13:03:58.0651 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2010/09/12 13:03:58.0847 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2010/09/12 13:03:59.0170 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2010/09/12 13:03:59.0941 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2010/09/12 13:04:00.0147 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2010/09/12 13:04:00.0904 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2010/09/12 13:04:01.0827 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2010/09/12 13:04:02.0206 driverhardwarev2 (c0bf8cd94c88b34fb324f4bd6dae544d) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 2010/09/12 13:04:02.0474 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2010/09/12 13:04:02.0737 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 2010/09/12 13:04:02.0882 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2010/09/12 13:04:03.0173 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2010/09/12 13:04:03.0470 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys 2010/09/12 13:04:03.0692 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2010/09/12 13:04:04.0206 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2010/09/12 13:04:04.0320 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2010/09/12 13:04:04.0475 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2010/09/12 13:04:04.0653 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2010/09/12 13:04:04.0866 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2010/09/12 13:04:05.0044 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/09/12 13:04:05.0308 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2010/09/12 13:04:05.0756 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2010/09/12 13:04:05.0979 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2010/09/12 13:04:06.0265 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 2010/09/12 13:04:06.0586 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/09/12 13:04:06.0759 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2010/09/12 13:04:06.0992 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys 2010/09/12 13:04:07.0298 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2010/09/12 13:04:07.0493 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2010/09/12 13:04:07.0699 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2010/09/12 13:04:08.0346 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2010/09/12 13:04:08.0537 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/09/12 13:04:08.0862 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 2010/09/12 13:04:08.0988 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2010/09/12 13:04:09.0256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2010/09/12 13:04:09.0535 IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys 2010/09/12 13:04:09.0818 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2010/09/12 13:04:09.0901 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2010/09/12 13:04:10.0058 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/09/12 13:04:10.0293 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2010/09/12 13:04:10.0446 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2010/09/12 13:04:10.0657 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2010/09/12 13:04:10.0839 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2010/09/12 13:04:11.0016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/09/12 13:04:11.0139 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2010/09/12 13:04:11.0335 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2010/09/12 13:04:11.0554 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/09/12 13:04:11.0838 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/09/12 13:04:12.0081 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys 2010/09/12 13:04:12.0396 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys 2010/09/12 13:04:12.0736 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2010/09/12 13:04:13.0239 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/09/12 13:04:13.0740 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys 2010/09/12 13:04:14.0168 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2010/09/12 13:04:14.0497 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2010/09/12 13:04:14.0771 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2010/09/12 13:04:14.0963 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2010/09/12 13:04:15.0167 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2010/09/12 13:04:15.0344 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2010/09/12 13:04:15.0510 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2010/09/12 13:04:15.0681 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2010/09/12 13:04:15.0832 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2010/09/12 13:04:15.0967 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2010/09/12 13:04:16.0086 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2010/09/12 13:04:16.0202 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2010/09/12 13:04:16.0279 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2010/09/12 13:04:16.0503 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2010/09/12 13:04:16.0717 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/09/12 13:04:17.0088 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/09/12 13:04:17.0836 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/09/12 13:04:18.0130 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2010/09/12 13:04:18.0267 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2010/09/12 13:04:18.0477 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 2010/09/12 13:04:18.0700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2010/09/12 13:04:18.0897 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2010/09/12 13:04:19.0150 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2010/09/12 13:04:19.0314 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/09/12 13:04:19.0517 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2010/09/12 13:04:19.0831 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2010/09/12 13:04:20.0156 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/09/12 13:04:20.0324 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2010/09/12 13:04:20.0598 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2010/09/12 13:04:21.0223 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2010/09/12 13:04:21.0752 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2010/09/12 13:04:21.0948 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/09/12 13:04:22.0079 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/09/12 13:04:22.0366 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/09/12 13:04:22.0547 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2010/09/12 13:04:22.0709 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2010/09/12 13:04:22.0978 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2010/09/12 13:04:23.0665 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 2010/09/12 13:04:25.0356 NETw4v32 (c4f27ba95327b6441ca44ddcfb47562a) C:\Windows\system32\DRIVERS\NETw4v32.sys 2010/09/12 13:04:27.0947 NETw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys 2010/09/12 13:04:29.0993 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2010/09/12 13:04:30.0987 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2010/09/12 13:04:32.0010 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2010/09/12 13:04:33.0011 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2010/09/12 13:04:35.0382 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2010/09/12 13:04:36.0291 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys 2010/09/12 13:04:36.0556 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2010/09/12 13:04:36.0868 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2010/09/12 13:04:37.0655 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2010/09/12 13:04:37.0831 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2010/09/12 13:04:38.0362 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/09/12 13:04:38.0546 OXYGEN (3e84953b8bbcea8c2176bcb85241c83d) C:\Windows\system32\DRIVERS\MAudioOxygen.sys 2010/09/12 13:04:38.0857 pae_1394 (4ed8eb3c2bbf16946aad64b1e69d408f) C:\Windows\system32\Drivers\pae_1394.sys 2010/09/12 13:04:39.0140 pae_avs (c7a2572abcca9069c2f79b01763ff58d) C:\Windows\system32\Drivers\pae_avs.sys 2010/09/12 13:04:39.0389 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2010/09/12 13:04:39.0646 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2010/09/12 13:04:40.0016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2010/09/12 13:04:40.0327 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2010/09/12 13:04:40.0489 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 2010/09/12 13:04:40.0795 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/09/12 13:04:41.0233 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2010/09/12 13:04:41.0968 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2010/09/12 13:04:42.0083 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2010/09/12 13:04:42.0284 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2010/09/12 13:04:42.0418 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2010/09/12 13:04:43.0291 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2010/09/12 13:04:43.0574 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2010/09/12 13:04:43.0761 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2010/09/12 13:04:43.0899 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/09/12 13:04:44.0311 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/09/12 13:04:44.0556 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2010/09/12 13:04:44.0774 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2010/09/12 13:04:45.0024 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/09/12 13:04:45.0250 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2010/09/12 13:04:45.0602 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2010/09/12 13:04:45.0818 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2010/09/12 13:04:46.0123 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2010/09/12 13:04:46.0349 RTL8169 (8517ed042693ee6b616086b03c23ca7a) C:\Windows\system32\DRIVERS\Rtlh86.sys 2010/09/12 13:04:46.0513 Saffire (a5f8d1a8c980e0cfeca9286c4ec3323c) C:\Windows\system32\Drivers\Saffire.sys 2010/09/12 13:04:46.0842 SaffireAudio (878dc1df44e29342a33518c471f09f3c) C:\Windows\system32\drivers\SaffireAudio.sys 2010/09/12 13:04:47.0029 SaffireMidi (bb4594d16b21d251333fbb249bd36c17) C:\Windows\system32\drivers\SaffireMidi.sys 2010/09/12 13:04:47.0393 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2010/09/12 13:04:47.0689 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2010/09/12 13:04:48.0002 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/09/12 13:04:48.0280 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2010/09/12 13:04:48.0524 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2010/09/12 13:04:48.0793 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2010/09/12 13:04:48.0982 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/09/12 13:04:49.0210 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2010/09/12 13:04:49.0459 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/09/12 13:04:49.0792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2010/09/12 13:04:50.0132 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2010/09/12 13:04:50.0331 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2010/09/12 13:04:50.0568 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2010/09/12 13:04:50.0915 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2010/09/12 13:04:51.0212 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2010/09/12 13:04:51.0461 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 2010/09/12 13:04:52.0028 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 2010/09/12 13:04:52.0625 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 2010/09/12 13:04:53.0028 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys 2010/09/12 13:04:53.0310 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2010/09/12 13:04:53.0582 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2010/09/12 13:04:53.0973 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2010/09/12 13:04:54.0464 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2010/09/12 13:04:54.0674 SynasUSB (e46088b882e6315518630e249ddf958c) C:\Windows\system32\drivers\SynasUSB.sys 2010/09/12 13:04:55.0121 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys 2010/09/12 13:04:55.0771 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2010/09/12 13:04:56.0893 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2010/09/12 13:04:57.0468 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2010/09/12 13:04:58.0513 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys 2010/09/12 13:04:59.0344 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2010/09/12 13:05:00.0082 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2010/09/12 13:05:00.0814 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2010/09/12 13:05:01.0991 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2010/09/12 13:05:03.0099 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys 2010/09/12 13:05:03.0946 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys 2010/09/12 13:05:04.0156 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys 2010/09/12 13:05:04.0545 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/09/12 13:05:04.0692 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2010/09/12 13:05:04.0806 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2010/09/12 13:05:05.0434 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 2010/09/12 13:05:05.0608 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2010/09/12 13:05:06.0069 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2010/09/12 13:05:06.0459 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2010/09/12 13:05:06.0645 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2010/09/12 13:05:06.0787 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2010/09/12 13:05:06.0929 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2010/09/12 13:05:07.0059 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2010/09/12 13:05:07.0230 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2010/09/12 13:05:07.0361 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/09/12 13:05:07.0473 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2010/09/12 13:05:07.0605 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2010/09/12 13:05:07.0716 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2010/09/12 13:05:07.0858 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2010/09/12 13:05:07.0969 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2010/09/12 13:05:08.0111 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys 2010/09/12 13:05:08.0208 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/09/12 13:05:08.0321 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/09/12 13:05:08.0461 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2010/09/12 13:05:08.0589 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS 2010/09/12 13:05:08.0721 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys 2010/09/12 13:05:08.0875 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/09/12 13:05:09.0416 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2010/09/12 13:05:09.0546 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2010/09/12 13:05:09.0672 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2010/09/12 13:05:09.0811 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2010/09/12 13:05:09.0923 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2010/09/12 13:05:10.0042 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2010/09/12 13:05:10.0213 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2010/09/12 13:05:10.0873 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2010/09/12 13:05:11.0062 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2010/09/12 13:05:11.0219 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/09/12 13:05:11.0273 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/09/12 13:05:11.0483 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2010/09/12 13:05:11.0645 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2010/09/12 13:05:12.0249 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2010/09/12 13:05:12.0581 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2010/09/12 13:05:12.0814 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/09/12 13:05:13.0363 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/09/12 13:05:13.0780 ================================================================================ 2010/09/12 13:05:13.0780 Scan finished 2010/09/12 13:05:13.0780 ================================================================================ 2010/09/12 13:05:31.0542 Deinitialize success Encore bon courage...

Alors voici le rapport après 2 tentatives (à cause des fenetres internet explorer qui s'ouvre sans arrêt> mais c'est peut etre un autre problème et je devrais faire un autre poste, car ça n'arrête pas... ): GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-09-16 19:09:27 Windows 6.0.6002 Service Pack 2 Running: nh9goyjc.exe; Driver: C:\Users\Wax\AppData\Local\Temp\kwldrpob.sys ---- System - GMER 1.0.15 ---- SSDT 8B7F7BBC ZwCreateThread SSDT 8B7F7BA8 ZwOpenProcess SSDT 8B7F7BAD ZwOpenThread SSDT 8B7F7BB7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 824FC984 4 Bytes [bC, 7B, 7F, 8B] .text ntkrnlpa.exe!KeSetEvent + 3F1 824FCB54 4 Bytes [A8, 7B, 7F, 8B] {TEST AL, 0x7b; JG 0xffffffffffffff8f} .text ntkrnlpa.exe!KeSetEvent + 40D 824FCB70 4 Bytes [AD, 7B, 7F, 8B] .text ntkrnlpa.exe!KeSetEvent + 621 824FCD84 4 Bytes [b7, 7B, 7F, 8B] {MOV BH, 0x7b; JG 0xffffffffffffff8f} .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD56000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD9F000, 0x510, 0x40000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F608000, 0x2D14E8, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\wininit.exe[772] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\csrss.exe[784] KERNEL32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[788] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\services.exe[820] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text ... .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3040] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3040] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\System32\mobsync.exe[3080] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Windows\System32\mobsync.exe[3080] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3244] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmplayer.exe[3276] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmplayer.exe[3276] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\Dwm.exe[3496] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Windows\system32\Dwm.exe[3496] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\Explorer.EXE[3512] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\taskeng.exe[3536] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Windows\system32\taskeng.exe[3536] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\RtHDVCpl.exe[3720] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Windows\RtHDVCpl.exe[3720] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3728] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\System32\rundll32.exe[3772] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Windows\System32\rundll32.exe[3772] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\WUDFHost.exe[3836] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3868] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3868] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\taskeng.exe[4716] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Users\Wax\Desktop\nh9goyjc.exe[5112] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5220] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Program Files\Internet Explorer\IEUser.exe[5720] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Program Files\Internet Explorer\IEUser.exe[5720] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Users\Wax\teioq.exe[5848] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] .text C:\Windows\system32\conime.exe[5900] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3] .text C:\Windows\system32\conime.exe[5900] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] ? C:\Windows\system32\svchost.exe[5928] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; .text C:\Windows\system32\svchost.exe[5928] kernel32.dll!TerminateThread 767041F7 1 Byte [C3] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DC7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E1A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DCBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DBF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DC75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DBE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DF8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DCDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DBFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DBFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DB71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E4CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73DEC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DBD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DB6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DB687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DC2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExA] [0041A63A] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\ole32.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\ole32.dll [uSER32.dll!ShowWindow] [0041A72E] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\WININET.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\WININET.dll [uSER32.dll!SetWindowPos] [0041A7E0] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shell32.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shell32.dll [uSER32.dll!SetWindowPos] [0041A7E0] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shell32.dll [uSER32.dll!ShowWindow] [0041A72E] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!ShowWindow] [00419E70] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExA] [00419D80] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!DialogBoxParamA] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!SetWindowPos] [00419F1E] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!SetWindowPos] [00419F1E] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!ShowWindow] [00419E70] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!MessageBoxIndirectW] [00419F84] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\CRYPT32.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!CreateWindowExA] [00418864] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!DialogBoxParamA] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!SetWindowPos] [00418A02] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!ShowWindow] [00418954] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!MessageBoxIndirectW] [00418A68] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!ShowWindow] [00418954] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!SetWindowPos] [00418A02] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr) IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!HeapSetInformation] 81EC8B55 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 000134EC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!CreateActCtxW] 6A006A00 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ReleaseActCtx] 5C92E80F IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 45890000 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!lstrlenW] FC7D83FC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 330475FF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!InterlockedExchange] C77DEBC0 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] FFFED085 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 000128FF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetModuleHandleA] D0858D00 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 50FFFFFE IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetTickCount] 51FC4D8B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 005C65E8 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 08558B00 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] F4858D52 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 50FFFFFE IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 005257E8 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 08C48300 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 2C74C085 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ExitProcess] FED88D8B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] 6A51FFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 15FF0000 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [00407008] C:\Windows\system32\svchost.exe (Processus hôte pour les services Windows/Microsoft Corporation) IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!HeapFree] 558BFFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 15FF52FC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LocalFree] [00407004] C:\Windows\system32\svchost.exe (Processus hôte pour les services Windows/Microsoft Corporation) IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!CloseHandle] FECC858B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 20EBFFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] FED0858D IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 8B50FFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!FreeLibrary] E851FC4D IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!Sleep] 00005C0C IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] A975C085 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 52FC558B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 700415FF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetLastError] C0330040 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ActivateActCtx] C35DE58B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 000134EC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 94850FFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__p__commode] E80F6A00 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_adjust_fdiv] 00005BE8 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__setusermatherr] 83F84589 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_amsg_exit] 75FFF87D IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_initterm] E9C03307 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!exit] 000000A8 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__p__fmode] FED085C7 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_exit] 0128FFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!memcpy] 858D0000 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!memset] FFFFFED0 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__set_app_type] F84D8B50 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 5BB8E851 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_except_handler4_common] 45C70000 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_controlfp] 000000FC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_cexit] 08558B00 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__wgetmainargs] F4858D52 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_XcptFilter] 50FFFFFE IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 08C48300 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 2074C085 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 3BFC4D8B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 1873104D IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 8BFC558B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 8D8B0C45 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FFFFFED8 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 8B900C89 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 8B50FFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] E851F84D IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00005B64 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] B575C085 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 52F8558B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 700415FF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 832DEBFC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 7C00147D IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlCopySid] 14458B25 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 8B0C4D8B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 6A528114 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 043A6800 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 15FF0000 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [00407008] C:\Windows\system32\svchost.exe (Processus hôte pour les services Windows/Microsoft Corporation) IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] FECC8589 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 858BFFFF IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] FFFFFECC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcServerListen] C35DE58B IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] CCCCCCCC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] CCCCCCCC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 81EC8B55 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 000140EC IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 6A006A00 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 5B12E80F IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 45890000 IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] FC7D83FC ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@teioq C:\Users\Wax\teioq.exe /f ---- Files - GMER 1.0.15 ---- File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NAVBID3\dnserrordiagoff_webOC[1] 6884 bytes File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87CXEDLK\background_gradient[4] 453 bytes File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87CXEDLK\navcancl[2] 2724 bytes File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1FTJ75B\httpErrorPagesScripts[3] 7579 bytes File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUW2Z8U4\ErrorPageTemplate[3] 0 bytes ---- EOF - GMER 1.0.15 ---- Bon courage !!

Ca vient pas du fait que je change le nom du fichier par "kartatus.exe" ? (comme je comprends pas, je me pose surement des questions bête ^^)

Ca ne marche toujours pas Et puis impossible (avec ce que je connais (ctrl+del...)) d'eteindre mon ordi, sauf en le débranchant (ce qui ne doit pas être très bon, mais je peux attendre longtemps). Du coup là il m'a fait une sorte de vérification du système en redemarrant. Si tu as d'autres suggestions... J'ai aussi un nouveau cheval de troie qui m'embete : TRCrypt.XPACK.Gen2 (que je met en quarantaine sans arrêt du coup, mais ça change rien) > rapport ? Merci encore!

Ok je recommence. Mon pc est un toshiba, donc je refuse... je n'avais toujours pas arrêter l'analyse, j'esperais^^ J'espère que ça va marcher à présent .

En fait l'application sbmgr.exe veut se lancer même quand je n'ai encore rien fait... donc je l'ai refuser. l'analyse n'est toujours pas fini, et je pense que ce n'est pas normal. l'ordi se plante qd je commence à vouloir aller dans mes docs... on m'a aussi demandé si je voulais mettre a jour combofix, et j'ai dis plus tard, comme je ne sais pas vraiment d'ou ça venait (je deviens parano je sais^^) travaillez bien !!

ok j'ai rallumer mon ordi et il n'y a pas eu de problème. mais je remarque que qd je lance l'application kartatus.exe, une autre application sbmgr.exe veut s'ouvrir aussi (enfin je crois que ça a un rapport) et me demande d'autoriser ou non. je fais quoi? car en attendant, l'analyse n'a pas l'air de marcher...

salut, alors là j'écris d'un autre pc, car le miens est bloqué... en effet, ça fait 1H40 que l'analyse se fait, et je crois que le logiciel à été bloqué par windows (bloquage de programme au démarrage) ou quelque chose comme ça.du coup je ne sais pas trop quoi faire, comme je ne dois pas fermer la fenetre d'analyse. mon ordi est bloqué à moitié (car des trucs s'affiche encore, comme une demande de mise a jour de l'antivirus...), donc je n'ai pas accés à internet non plus. bref, si vous pouvez m'aider assez vite ça serait super !

Ok, merci beaucoup ! Alors voici premièrement mon rapport après analyse avec Malwarebytes' Anti-Malware : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4563 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 13/09/2010 19:56:30 mbam-log-2010-09-13 (19-56-30).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Elément(s) analysé(s): 348220 Temps écoulé: 2 heure(s), 36 minute(s), 35 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\Users\Wax\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Wax\rdoh.exe (P2P.Worm) -> Quarantined and deleted successfully. C:\Users\Wax\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Ensuite celui de RSIT(car je n'en trouve qu'un, celui de la barre des tâches. RSIT se ferme direct après avroi ouvert log ): LOG > Logfile of random's system information tool 1.08 (written by random/random) Run by Wax at 2010-09-14 18:06:36 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 43 GB (36%) free of 119 GB Total RAM: 3070 MB (66% free) HijackThis download failed ======Scheduled tasks folder====== C:\Windows\tasks\Norton Internet Security - Analyse système complète - Wax.job C:\Windows\tasks\User_Feed_Synchronization-{2F7F9071-6C2F-4DB7-BBC4-18DBBB8412DE}.job C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-09-11 180224] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "tooamoq"=C:\Users\Wax\tooamoq.exe /F [] "yaoujab"=C:\Users\Wax\yaoujab.exe /h [] "teapuy"=C:\Users\Wax\teapuy.exe /B [] "qeakie"=C:\Users\Wax\qeakie.exe /s [] "boeofe"=C:\Users\Wax\boeofe.exe /v [] "YXE7DXCQ37"=C:\Users\Wax\AppData\Local\Temp\Kj1.exe [2010-09-12 219136] "xaagut"=C:\Users\Wax\xaagut.exe [2010-09-12 204800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-04-10 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnvqmrmv] C:\Users\Wax\AppData\Local\dykunhjsk\xxsqoeruqiw.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] \HWSetup.exe hwSetUP [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\juuez] C:\Users\Wax\juuez.exe /B [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpodmuxx] C:\Users\Wax\AppData\Local\fkswmttef\xjftikmuqiw.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos] C:\Users\Wax\AppData\Local\Temp\sshnas21.dll,AttachConsoleA [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\luaeru] C:\Users\Wax\luaeru.exe /H [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvvoew] C:\Users\Wax\lvvoew.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediafix70700en02.exe] C:\Users\Wax\AppData\Roaming\477C940EE40A93C9D5CFD9B6B01254A8\mediafix70700en02.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] NDSTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nzyit] C:\Users\Wax\nzyit.exe /t [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch] C:\Users\Wax\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe [2010-02-08 184320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tooamoq] C:\Users\Wax\tooamoq.exe /Q [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] TOSCDSPD.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wax] C:\Users\Wax\Wax.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Camera Monitor SD.lnk] C:\PROGRA~1\PIXELA\EVERIO~1\MBCAME~1.EXE [2009-08-06 541976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FirePod Control Panel.lnk] C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-09-12 13:52:33 ----D---- C:\Program Files\trend micro 2010-09-12 13:52:32 ----D---- C:\rsit 2010-09-12 13:02:46 ----A---- C:\TDSSKiller.2.4.2.1_12.09.2010_13.02.46_log.txt 2010-09-07 19:17:04 ----A---- C:\Windows\system32\drivers\mbamcatchme.sys 2010-09-07 18:05:42 ----D---- C:\Users\Wax\AppData\Roaming\477C940EE40A93C9D5CFD9B6B01254A8 2010-09-05 21:55:53 ----D---- C:\Program Files\PokerStars.FR 2010-09-04 01:14:51 ----D---- C:\Program Files\Winamax Poker 2010-08-22 14:39:12 ----A---- C:\Windows\system32\sqlite3_mod_rtree.dll 2010-08-22 14:39:12 ----A---- C:\Windows\system32\sqlite3_mod_impexp.dll 2010-08-22 14:39:11 ----A---- C:\Windows\system32\sqlite3_mod_fts3.dll 2010-08-22 14:39:11 ----A---- C:\Windows\system32\sqlite3_mod_extfunc.dll 2010-08-22 14:39:11 ----A---- C:\Windows\system32\sqlite3_mod_blobtoxy.dll 2010-08-22 14:39:11 ----A---- C:\Windows\ODBCINST.INI 2010-08-22 14:39:11 ----A---- C:\Windows\ODBC.INI 2010-08-20 03:10:17 ----D---- C:\Program Files\PostgreSQL 2010-08-20 03:03:56 ----D---- C:\Program Files\PokerTracker 3 ======List of files/folders modified in the last 1 months====== 2010-09-14 18:06:35 ----D---- C:\Windows\Temp 2010-09-14 17:02:22 ----D---- C:\Windows\system32\Tasks 2010-09-14 17:02:20 ----D---- C:\Windows\Tasks 2010-09-14 16:10:07 ----D---- C:\Windows\Prefetch 2010-09-13 17:08:03 ----D---- C:\Windows\System32 2010-09-13 17:08:03 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-09-13 17:08:02 ----D---- C:\Windows\inf 2010-09-12 13:52:33 ----RD---- C:\Program Files 2010-09-12 13:26:05 ----SHD---- C:\System Volume Information 2010-09-12 13:02:46 ----D---- C:\Windows\system32\drivers 2010-09-12 12:12:38 ----D---- C:\Program Files\Microsoft Silverlight 2010-09-11 15:30:26 ----SHD---- C:\Windows\Installer 2010-09-11 15:30:23 ----HD---- C:\Config.Msi 2010-09-08 16:18:32 ----D---- C:\Users\Wax\AppData\Roaming\vlc 2010-09-08 15:54:52 ----D---- C:\Users\Wax\AppData\Roaming\gtk-2.0 2010-09-08 09:11:23 ----D---- C:\Windows 2010-09-08 09:11:17 ----D---- C:\Windows\system 2010-09-08 01:57:46 ----D---- C:\Program Files\Dealio Toolbar 2010-09-07 22:20:05 ----RSD---- C:\Windows\Fonts 2010-09-07 20:18:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-09-07 19:57:38 ----D---- C:\Windows\Minidump 2010-09-07 17:55:47 ----D---- C:\Users\Wax\AppData\Roaming\BitTorrent 2010-08-30 22:55:47 ----D---- C:\Users\Wax\AppData\Roaming\dvdcss 2010-08-29 17:15:52 ----D---- C:\Windows\system32\catroot2 2010-08-20 18:41:32 ----D---- C:\Program Files\Common Files\Adobe AIR 2010-08-20 03:11:41 ----RD---- C:\Users 2010-08-17 16:17:48 ----D---- C:\Windows\pss ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248] R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456] R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 285184] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 100368] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-15 5068800] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-07-29 172032] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304] R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696] S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888] S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800] S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448] S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-09-01 14336] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw3v32;Pilote de carte Intel® PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-19 2225664] S3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-26 2216448] S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736] S3 OXYGEN;Service for M-Audio Oxygen; C:\Windows\system32\DRIVERS\MAudioOxygen.sys [2010-03-04 112136] S3 pae_1394;pae_1394; C:\Windows\System32\Drivers\pae_1394.sys [2007-10-09 123440] S3 pae_avs;pae_avs; C:\Windows\System32\Drivers\pae_avs.sys [2007-10-09 51248] S3 Saffire;Saffire; C:\Windows\System32\Drivers\Saffire.sys [2009-05-29 121344] S3 SaffireAudio;Saffire Audio; C:\Windows\system32\drivers\SaffireAudio.sys [2009-05-29 21504] S3 SaffireMidi;Saffire MIDI; C:\Windows\system32\drivers\SaffireMidi.sys [2009-05-29 27008] S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2007-10-24 23288] S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [] S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848] S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392] S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072] S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-14 172032] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 OxygenAudioDevMon;Oxygen Audio Device Monitor; C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe [2010-03-04 1632776] R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2007-06-29 53248] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 77824] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [] S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- Voilà, j'espère que ça va tout de même t'aider (en attendant, mon antivirus (Avira) ne veut plus faire de mise à jour depuis le malware aussi). Merci pour votre gros gros boulot bénévole ! Heureusement qu'il y en a ! (je flatte pour avoir une réponse rapide ) non je blague, bon courage ! Kartatus Oups, il m'a fallu 10 sec pour trouver le fichier info... Le voici : info.txt logfile of random's system information tool 1.08 2010-09-12 13:53:06 ======Uninstall list====== -->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x40c 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7} Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002} Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} ALCATEL PC Suite V6.3.18-->"C:\Program Files\ALCATEL PC Suite\unins000.exe" ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE} Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A} Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1} Assistant de connexion Windows Live ID-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE BitTorrent-->C:\Program Files\BitTorrent\uninst.exe Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x040c CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Configuration DivX-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com Dealio Toolbar v4.0.2-->MsiExec.exe /X{C878CD69-85DB-426B-81A3-E71175AAEB91} Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E} Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9 DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x40c EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A} Everio MediaBrowser-->"C:\Program Files\InstallShield Installation Information\{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}\setup.exe" -runfromtemp -l0x040cUNINSTALL -removeonly Finale 2009-->C:\Program Files\Finale 2009\uninstallFinale.exe Focusrite Plug-in Suite 1.0.3-->"C:\Program Files\Focusrite\Focusrite Plug-in Suite\unins000.exe" Free Mp3 Wma Converter V 1.9-->"C:\Program Files\Free Audio Pack\unins000.exe" Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" GNU Solfege 3.10.3-->"C:\Program Files\GNU Solfege\unins000.exe" Guitar Pro 6-->"C:\Program Files\Guitar Pro 6\unins000.exe" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Officejet Pro K5300/5400 Series-->C:\Program Files\HP\Digital Imaging\{AD277ED4-7E41-4074-911D-D34AF41B9D49}\setup\hpzscr01.exe -datfile hpwscr06.dat Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel PROSet Wireless-->Intel PROSet Wireless Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x040c -removeonly Live 8.0.3-->C:\PROGRA~1\Ableton\LIVE80~1.3\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE80~1.3\Install\INSTALL.LOG Logiciel Intel® PROSet/Wireless WiFi-->MsiExec.exe /I{72EEB695-388B-4835-8EA6-0C04545B06B9} Ma-Config.com-->MsiExec.exe /X{494952B3-AA5A-486C-8495-6BF830962747} Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" M-Audio Oxygen Driver 1.2.1 (x86)-->MsiExec.exe /X{80D3F817-2D33-4643-B900-64AE2C0C4745} MFCDLL Shared Library - Retail Version-->MsiExec.exe /I{51D569E2-8A28-11D2-B962-006097C4DE24} Microsoft ® C Runtime Library-->MsiExec.exe /I{51D569E0-8A28-11D2-B962-006097C4DE24} Microsoft ® C++ Runtime Library-->MsiExec.exe /I{51D569E3-8A28-11D2-B962-006097C4DE24} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Module linguistique Microsoft .NET Framework 4 Client Profile FRA-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP Mozilla Firefox (3.6.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 3.0-->MsiExec.exe /I{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} OpenOffice.org 3.2-->MsiExec.exe /I{4EE2EF4B-25D3-4D44-8384-A2B96F811F55} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PokerStars.fr-->"C:\Program Files\PokerStars.FR\PokerStarsUninstall.exe" /u:PokerStars.fr PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224} QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Reason 4.0.1-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe" Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x40c Saffire MixControl 1.5-->"C:\Program Files\Focusrite\Saffire MixControl\unins000.exe" Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA} Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb SMAC 2.7-->C:\PROGRA~2\KLC\SMAC\UNWISE.EXE C:\PROGRA~2\KLC\SMAC\INSTALL.LOG Steinberg Cubase 5-->MsiExec.exe /I{4A19D6AC-ADE0-4A07-80FF-9C9812C45557} Steinberg Drum Loop Expansion 01-->MsiExec.exe /I{490BF87E-1F75-4453-BF55-9F540543A3CA} Steinberg Groove Agent ONE Content-->MsiExec.exe /I{BD86F1AC-B594-46E4-85DC-1258AC9E2232} Steinberg HALionOne Additional Content Set 01-->MsiExec.exe /I{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71} Steinberg HALionOne Expression Set-->MsiExec.exe /I{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2} Steinberg HALionOne GM Drum Set-->MsiExec.exe /I{AC997F93-0757-4ED4-A701-F40C2D654D09} Steinberg HALionOne GM Set-->MsiExec.exe /I{F057965A-D974-4C64-ADB1-4381CD4B8956} Steinberg HALionOne Pro Set-->MsiExec.exe /I{D82CDA0D-C182-42C8-8FF2-5649C98D6003} Steinberg HALionOne Studio Drum Set-->MsiExec.exe /I{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB} Steinberg HALionOne Studio Set-->MsiExec.exe /I{D23CBFDA-C46B-4920-BA70-FC7878A3F05A} Steinberg HALionOne-->MsiExec.exe /I{E70E7159-93B1-470D-9FBD-D8E9EF34B538} Steinberg LoopMash Content-->MsiExec.exe /I{4D454CF8-12FD-464D-B57B-B46FE27B78BB} Steinberg REVerence Content 01-->MsiExec.exe /I{532B917B-8235-4FA5-BE36-643A8BB053A5} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x040c TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x40c TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x040c uninstall TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x040c -ADDREMOVE -removeonly TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x040c TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036 TOSHIBA Mot de passe responsable-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036 Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x040c -removeonly TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7} TOSHIBA Software Modem-->Tosmreg -U TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x040c Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Video Download Capture V2.3.6-->"C:\Program Files\Apowersoft\Video Download Capture\unins000.exe" VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive" VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamax Poker-->msiexec /qb /x {B191EEB9-AEA3-5D54-6645-47B57A6539BC} Winamax Poker-->MsiExec.exe /I{B191EEB9-AEA3-5D54-6645-47B57A6539BC} Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354} Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: PC-de-Wax Event Code: 8003 Message: Le maître explorateur a reçu une annonce de serveur de l'ordinateur PC-DE-JMFC qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{3E2D6953-15E4-44A0-A445-C41039F. Le maître explorateur s'arrête ou une élection est provoquée. Record Number: 164304 Source Name: bowser Time Written: 20100309214335.050055-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 7000 Message: Le service TOSHIBA Bluetooth Service n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 164246 Source Name: Service Control Manager Time Written: 20100309155500.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 7000 Message: Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : Le chemin d'accès spécifié est introuvable. Record Number: 164230 Source Name: Service Control Manager Time Written: 20100309155500.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 7000 Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur : Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé. Record Number: 164221 Source Name: Service Control Manager Time Written: 20100309155500.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 1 Message: Realtek PCIe FE Family Controller is disconnected from network. Record Number: 164171 Source Name: RTL8169 Time Written: 20100309155354.462089-000 Event Type: Avertissement User: =====Application event log===== Computer Name: PC-de-Wax Event Code: 100 Message: Record Number: 138496 Source Name: Bonjour Service Time Written: 20100508124518.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 100 Message: Record Number: 138495 Source Name: Bonjour Service Time Written: 20100508124518.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 100 Message: Record Number: 138494 Source Name: Bonjour Service Time Written: 20100508124518.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 100 Message: Record Number: 138493 Source Name: Bonjour Service Time Written: 20100508124517.000000-000 Event Type: Erreur User: Computer Name: PC-de-Wax Event Code: 100 Message: Record Number: 138492 Source Name: Bonjour Service Time Written: 20100508124517.000000-000 Event Type: Erreur User: =====Security event log===== Computer Name: PC-de-Wax Event Code: 1100 Message: Le service d’enregistrement des événements a été arrêté. Record Number: 35957 Source Name: Microsoft-Windows-Eventlog Time Written: 20100109151145.805000-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Wax Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 35956 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100109151143.594000-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Wax Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-WAX$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2f4 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 35955 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100109151143.594000-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Wax Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-WAX$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x2f4 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 35954 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100109151143.594000-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Wax Event Code: 4647 Message: Fermeture de session initiée par l’utilisateur : Sujet : ID de sécurité : S-1-5-21-765559920-3715957557-1591802578-1000 Nom du compte : Wax Domaine du compte : PC-de-Wax ID d’ouverture de session : 0x43ce5 Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session. Record Number: 35953 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100109151142.278000-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "asl.log"=Destination=file;OnFirstLog=command,environment "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF-----------------

Bonjour, Voilà, je suis moi aussi victime d'infection par le malware "Antimalware Doctor" J'ai donc fait ceci : - télécharger MBAM et fait un examen complet de mon ordinateur (sauf que comme j'avais oublié de connecter mes clés usb et mon disque dur externe qui avaient été branché pendant l'infection, je recommence en ce moment même). Je posterais donc le rapport. - J'ai désactiver mon antivirus (pour éviter les "interferences" avec d'autres logiciels que nous allons utiliser)> Avira Antivir - J'ai décocher les cases qui ressemblait à celle du malware dans Execut > msconfig > démarrage Du coup, j'aimerais que quelqu'un puisse s'occuper de mon cas, comme je ne sais pas si je rentrerais dans celui des autres après lecture de mon rapport de MBAM. En attendant mon prochain post, n'hésitez pas à me dire si j'ai fait quelque chose de mal. En espérant bientôt être guéri... Merci d'avance