Another HijackThis log ^^

Solved/Closed
Anonymous user - 1 Sept. 2010 at 23:49
Anonymous user - 14 Sept. 2010 at 23:02
Good evening everyone,

Like a lot of people I've just run a scan with HijackThis; you'd think it was the latest fashion, lol. I don't have any problem with my PC, but maybe someone will spot a small flaw in this gibberish, so here is my log, and thanks to those who read it so that any problem, if there is one, can be resolved. ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:28, on 01/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00e71626-0bef-11dc-8314-0800200c9a66} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD88DEB8-6213-4BF3-B673-FCD554128948}: NameServer = 192.168.1.1,192.168.1.1
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
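As an added illustration (not part of the original post, and not a HijackThis feature), here is a small Python script that applies the first checks an analyst runs on a log like the one above: it pulls out entries whose referenced file no longer exists ("(no file)"), O23 services with an unknown owner or a missing binary, anything registered under AppInit_DLLs, and the DNS servers configured on the adapters. The sample lines are a subset copied from the log above; the categories and the decision to flag non-private DNS servers are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample: a subset of the HijackThis entries from the log above,
# chosen to exercise each check (orphaned CLSIDs, a service with a missing
# binary, an AppInit_DLLs entry and the DNS servers of the adapter).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00e71626-0bef-11dc-8314-0800200c9a66} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD88DEB8-6213-4BF3-B673-FCD554128948}: NameServer = 192.168.1.1,192.168.1.1
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# One HijackThis entry: a section tag (R0-R3, O1-O24) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """First-pass triage of a HijackThis log.

    Nothing here says "malware": the output is the short list an analyst
    reads first. Every category is this example's own choice.
    """
    findings = {
        "orphaned": [],     # CLSIDs still registered but whose DLL is gone
        "services": [],     # O23 services with no owner or no binary on disk
        "appinit": [],      # DLLs loaded into every process that maps user32
        "nameservers": [],  # DNS servers configured on the adapters
        "public_dns": [],   # DNS servers outside private ranges (worth a look)
    }
    for section, body in parse_hjt(text):
        if body.endswith("(no file)"):
            findings["orphaned"].append(f"{section} - {body}")
        if section == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings["services"].append(body)
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings["appinit"].append(body.split(":", 1)[1].strip())
        if section == "O17":
            _, _, servers = body.partition("NameServer =")
            for server in (s.strip() for s in servers.split(",")):
                if not server or server in findings["nameservers"]:
                    continue
                findings["nameservers"].append(server)
                try:
                    if not ipaddress.ip_address(server).is_private:
                        findings["public_dns"].append(server)
                except ValueError:
                    findings["public_dns"].append(server)  # not an IP literal: inspect it
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

On the sample above the script lists three orphaned CLSIDs, the Boonty service whose binary is missing, guard32.dll under AppInit_DLLs and a single private DNS server. An AppInit_DLLs entry is always worth a second look because the DLL is loaded into every process that maps user32.dll; in this thread the GMER report posted later attributes guard32.dll to COMODO Internet Security, which is consistent with the COMODO O4 and O23 entries in the log.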
21 replies

Anonymous user
2 Sept. 2010 at 04:40
Hi

* Welcome to CCM!
* Don't open other threads for the same problem >> on this forum or on another one
* Together we'll try to sort out your problem.


let's dig deeper!!


* Download ZHPDiag (by Nicolas Coolman)

* ZHPDiag is a diagnostic tool (written by Nicolas Coolman).
The software performs a quick and complete diagnosis of your operating system, more complete than a HijackThis report.
It scans your registry and enumerates the sensitive areas that are likely to be infected.


HERE >> ZHPDiag (by Nicolas Coolman)

* Once the download is finished,
* double-click ZHPDiag.exe and follow the instructions.
* /!\ Windows Vista and Windows 7 users
* >> Right-click the ZHPDiag.exe logo, "Run as administrator"
* Let yourself be guided through the installation,
* tick >> create a desktop icon
* it will launch automatically at the end.
* Click the magnifying-glass icon ("Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Host the report on this site,
>> Cijoint.fr
* then copy/paste the link provided in your next reply on the forum.


* To help you host the report
* go to Cijoint.fr
* click Browse (Parcourir)
* find >> the report you just saved, which should be on your desktop for example
* and confirm by clicking >> "Cliquez ici pour déposer le Fichier" (Click here to upload the file)
* a link like http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt will be generated for you,
* just post it here so I can see the report


CCM security contributor member
Windows Vista // Windows XP
0
Anonymous user
3 Sept. 2010 at 12:08
Hello VIRUS-C-C

sorry for the slight delay, I'm in French Guiana, so hello time difference ;)

As planned, here is the link to my ZHPDiag scan:

http://www.cijoint.fr/cjlink.php?file=cj201009/cijmvMfMrs.txt
0
Hi


read carefully

1) * Download Defogger (by jpshortstuff) to your Desktop
HERE >> Defogger (by jpshortstuff)
* Run it
* For Windows Vista and Windows 7,
* right-click and >> Run as administrator.
* A window appears: click "Disable"
* Restart the computer if the tool asks you to
* When we have finished the disinfection, you can re-enable those programs by running Defogger again and clicking "Re-enable"


then


2) /!\ You absolutely must disable all your protection software to use this program /!\

* Download >> mbr.exe by Gmer
* >> mbr.exe by Gmer
* Double-click mbr.exe.
* a black window will open and close again.
* A report, mbr.log, will be generated,
* Post the report


next

3) * Download GMER Rootkit Scanner:

* GMER is one of the best rootkit scanners available today.
* It can detect almost all rootkits.

>> gmer

* Also close all running applications, including your browser.
* Click the "Download EXE" button
* Save it to your Desktop.
* Double-click the downloaded executable.
* under Vista, right-click the executable and choose Run as administrator.
* In the "Rootkit" tab, click "SCAN" and wait...
* At the end, click "SAVE" and save the report to your Desktop.
* Host the GMER report on this site,
cijoint.fr
* Copy/paste the generated links here


4) * Re-enable all your protection software


Later


CCM security contributor member
Windows Vista // Windows XP
0
Anonymous user
3 Sept. 2010 at 18:07
Here is the log created by mbr: I think I must have missed something

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

Here is the log created by Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:00 on 03/09/2010 (kevin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
0
Anonymous user
3 Sept. 2010 at 18:11
Re


I wrote the same thing twice

so do this

/!\ You absolutely must disable all your protection software to use this program /!\

* Download GMER Rootkit Scanner:

* GMER is one of the best rootkit scanners available today.
* It can detect almost all rootkits.

>> gmer

* Also close all running applications, including your browser.
* Click the "Download EXE" button
* Save it to your Desktop.
* Double-click the downloaded executable.
* under Vista, right-click the executable and choose Run as administrator.
* In the "Rootkit" tab, click "SCAN" and wait...
* At the end, click "SAVE" and save the report to your Desktop.
* Host the GMER report on this site,
cijoint.fr
* Copy/paste the generated links here


/!\ Re-enable all your protection software /!\
0
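Added example, not part of the original thread and not something GMER ships: a Python script that condenses the kind of report GMER produces, so that a long run of hook lines can be read at a glance. It groups SSDT entries by the driver GMER attributes them to, keeps separately the entries for which GMER could only print an address, and groups user-mode inline hooks by the module the JMP lands in together with the processes affected. The sample lines are a constructed subset of the report posted later in this thread; the allowlist of known security product modules is an assumption an analyst maintains for their own environment, not a GMER feature.

```python
import re
from collections import defaultdict
from os.path import basename

# Constructed sample: a few lines in the format of the GMER report posted later
# in this thread (two SSDT entries attributed to a driver, three that GMER could
# only give an address for, and a handful of user-mode inline hooks).
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90A7F176]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90A8015A]
SSDT 9EB3E04C ZwCreateThread
SSDT 9EB3E038 ZwOpenProcess
SSDT 9EB3E047 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
"""

# SSDT line, either "SSDT <driver> (<description/vendor>) Zw... [0x...]"
# or, when GMER cannot map the handler to a driver, "SSDT <address> Zw...".
SSDT_RE = re.compile(
    r"^SSDT\s+(?:(?P<module>[^\s(]+)\s+\((?P<vendor>[^)]*)\)|(?P<addr>[0-9A-Fa-f]{8}))\s+(?P<func>Zw\w+)"
)
# User-mode inline hook: ".text <process>[<pid>] <dll>!<func> <addr> <n> Bytes JMP <target> <module> (<vendor>)".
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<dll>\S+)!(?P<func>\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+"
    r"[0-9A-Fa-f]+\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\)"
)

# Assumption: an analyst-maintained allowlist of modules belonging to the
# security products known to be installed on the machine (here, from the
# HijackThis log: COMODO Internet Security).
KNOWN_SECURITY_MODULES = {"cmdguard.sys", "guard32.dll"}


def summarize(text):
    """Group GMER hook lines by hooking module and list what still needs a look."""
    ssdt = defaultdict(list)                 # driver path -> hooked syscalls
    unattributed = []                        # (address, syscall) with no driver named
    user_hooks = defaultdict(lambda: {"processes": set(), "functions": set()})
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            if m.group("module"):
                ssdt[m.group("module")].append(m.group("func"))
            else:
                unattributed.append((m.group("addr"), m.group("func")))
            continue
        m = USER_HOOK_RE.match(line)
        if m:
            entry = user_hooks[m.group("module")]
            entry["processes"].add(m.group("proc"))
            entry["functions"].add(f"{m.group('dll')}!{m.group('func')}")

    review = []  # items an analyst resolves by hand before calling the report clean
    for addr, func in unattributed:
        review.append(f"SSDT {func} -> {addr}: no owning driver identified, resolve the address")
    for module in list(ssdt) + list(user_hooks):
        if basename(module.replace("\\", "/")).lower() not in KNOWN_SECURITY_MODULES:
            review.append(f"hooks installed by {module}: not a known security product module")
    return {
        "ssdt": dict(ssdt),
        "unattributed_ssdt": unattributed,
        "user_hooks": dict(user_hooks),
        "review": review,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_GMER)
    for module, funcs in report["ssdt"].items():
        print(f"SSDT hooks by {module}: {', '.join(funcs)}")
    for module, info in report["user_hooks"].items():
        print(f"{module} hooks {len(info['functions'])} functions in {len(info['processes'])} processes")
    for item in report["review"]:
        print("REVIEW:", item)
```

On the sample, every hook GMER attributed goes to a COMODO module, so the only items left for review are the three SSDT entries (ZwCreateThread, ZwOpenProcess, ZwTerminateProcess) for which GMER printed a bare address: those are the lines to resolve against the loaded driver list rather than assume.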
Anonymous user
3 Sept. 2010 at 19:01
I have a problem with the GMER log: the site cijoint.fr won't take it. I open my log with Notepad, and the site tells me it doesn't support .log files
0
Anonymous user
3 Sept. 2010 at 19:06
re

just copy/paste it here then!!!
0
Anonymous user
3 Sept. 2010 at 19:08
ok, here it is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-03 18:54:46
Windows 6.0.6002 Service Pack 2
Running: mup3ffzr.exe; Driver: C:\Users\kevin\AppData\Local\Temp\ugdcipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x90A7F510]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x90A808D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x90A7F6FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x90A7E832]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90A7F176]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x90A7E70E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x90A7EEF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x90A80562]
SSDT 9EB3E04C ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90A8015A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x90A7EACE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x90A7F352]
SSDT 9EB3E038 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x90A7ED7E]
SSDT 9EB3E03D ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x90A7FBEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x90A7FEA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x90A80352]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x90A7EA68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x90A7EC6A]
SSDT 9EB3E047 ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x90A7E2F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x90A7F80C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 309 84078900 4 Bytes [10, F5, A7, 90] {ADC CH, DH; CMPSD ; NOP }
.text ntoskrnl.exe!KeInsertQueue + 32D 84078924 8 Bytes [D2, 08, A8, 90, FC, F6, A7, ...]
.text ntoskrnl.exe!KeInsertQueue + 3B1 840789A8 4 Bytes CALL E8881A54
.text ntoskrnl.exe!KeInsertQueue + 3C9 840789C0 4 Bytes [76, F1, A7, 90] {JBE 0xfffffffffffffff3; CMPSD ; NOP }
.text ntoskrnl.exe!KeInsertQueue + 3F5 840789EC 4 Bytes [0E, E7, A7, 90] {PUSH CS; OUT 0xa7, EAX; NOP }
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9100E340, 0x3EE687, 0xE8000020]
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9F05B03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F05B0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F05B0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9F05B130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9F05B137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] WS2_32.dll!WSASocketW 76D134EB 7 Bytes JMP 10025840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] WS2_32.dll!WSASocketA 76D18FA9 5 Bytes JMP 10025860 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!WSASocketW 76D134EB 7 Bytes JMP 10025840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!WSASocketA 76D18FA9 5 Bytes JMP 10025860 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Con
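The two GMER sections in this thread (the "SSDT" list and the "User code sections" list) have a fixed line format, and the triage question is always the same: which module owns each hook, which hooks GMER could not attribute to any image, and whether the user-mode patches are identical in every process (as a system-wide HIPS injection like guard32.dll would be) or differ per process. The parser and checks below are an added example written for this page, not GMER's code and not part of the original post. They assume only the line formats visible in the logs above. The sample log is constructed for the example: the cmdguard.sys, guard32.dll and bare-address SSDT lines copy the format of lines in this thread, while the last line (an owner called x.dll) is a made-up line that is not in the thread and exists only to exercise the consistency check.

```python
"""Parse GMER 'SSDT' and 'User code sections' hook lines and triage them.

Added example for this thread; not GMER code and not from the original post.
SAMPLE_LOG is constructed: the final line (x.dll) is invented and is NOT in the thread.
"""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Inline user-mode hook:
# ".text <proc>[<pid>] <mod>!<func> <addr> <n> Bytes JMP <target> <owner> (<desc>)"
INLINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>\S+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<nbytes>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+) "
    r"(?P<owner>.+?) \((?P<desc>[^)]*)\)$"
)
# SSDT entry GMER attributed to a driver image:
# "SSDT <driver> (<desc>) <Zw func> [0x<handler>]"
SSDT_NAMED_RE = re.compile(
    r"^SSDT (?P<owner>\S+) \((?P<desc>[^)]*)\) (?P<func>Zw\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# SSDT entry whose handler GMER could not map to any module: "SSDT <handler> <Zw func>"
SSDT_ANON_RE = re.compile(r"^SSDT (?P<addr>[0-9A-Fa-f]{8}) (?P<func>Zw\w+)$")


@dataclass(frozen=True)
class Hook:
    kind: str                    # "ssdt" or "inline"
    func: str                    # hooked syscall or export name
    addr: int                    # SSDT handler address, or patched code address (inline)
    owner: Optional[str]         # module GMER attributed the hook to; None if unknown
    target: Optional[int] = None # JMP destination (inline only)
    module: str = ""             # DLL exporting the hooked function (inline only)
    process: str = ""            # hooked process image (inline only)
    pid: int = 0


def parse_line(line: str) -> Optional[Hook]:
    """Return a Hook for one GMER line, or None for headers, blanks and other lines."""
    line = line.rstrip()
    if m := INLINE_RE.match(line):
        return Hook("inline", m["func"], int(m["addr"], 16), m["owner"],
                    int(m["target"], 16), m["mod"], m["proc"], int(m["pid"]))
    if m := SSDT_NAMED_RE.match(line):
        return Hook("ssdt", m["func"], int(m["addr"], 16), m["owner"])
    if m := SSDT_ANON_RE.match(line):
        return Hook("ssdt", m["func"], int(m["addr"], 16), None)
    return None


def parse_log(text: str) -> list[Hook]:
    return [h for h in (parse_line(l) for l in text.splitlines()) if h]


def hooks_by_owner(hooks: list[Hook]) -> dict:
    """Count hooks per owning module; the None key collects unattributed ones."""
    counts: dict = defaultdict(int)
    for h in hooks:
        counts[h.owner] += 1
    return dict(counts)


def unattributed(hooks: list[Hook]) -> list[Hook]:
    """Hooks GMER could not map to an image. These must be resolved against the
    loaded-driver list before anyone calls them a rootkit: a bare address is a
    question, not a verdict."""
    return [h for h in hooks if h.owner is None]


def inconsistent_inline_hooks(hooks: list[Hook]) -> list[str]:
    """A HIPS DLL injected system-wide patches the same export identically in
    every process. Return module!func pairs whose patch site, JMP target or owner
    differs between processes, which points to a per-process injection instead."""
    seen: dict = defaultdict(set)
    for h in hooks:
        if h.kind == "inline":
            seen[f"{h.module}!{h.func}"].add((h.addr, h.target, h.owner))
    return sorted(k for k, v in seen.items() if len(v) > 1)


# Constructed sample in the format of the logs above. The last line is invented
# (no such module appears in this thread) purely to trigger the consistency check.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90A7F176]
SSDT 9EB3E04C ZwCreateThread
SSDT 9EB3E038 ZwOpenProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 00401000 C:\Users\example\AppData\Local\Temp\x.dll (constructed example, not in this thread)
"""

if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for owner, n in hooks_by_owner(hooks).items():
        print(f"{n:3d} hook(s) owned by {owner or '<unattributed>'}")
    print("unattributed SSDT entries:", [h.func for h in unattributed(hooks)])
    print("inline hooks that differ between processes:", inconsistent_inline_hooks(hooks))
```

On the real logs in this thread, every inline hook resolves to guard32.dll with the same patch site and JMP target in each process, which is exactly the pattern a system-wide COMODO injection produces; the four bare-address SSDT entries (ZwCreateThread, ZwOpenProcess, ZwOpenThread, ZwTerminateProcess) are the only lines the parser would hand back for manual attribution.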
Anonymous user
3 Sept. 2010 at 19:24
Re

Incomplete report

Start over and disable your protections
Anonymous user
3 Sept. 2010 at 19:29
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-03 18:54:46
Windows 6.0.6002 Service Pack 2
Running: mup3ffzr.exe; Driver: C:\Users\kevin\AppData\Local\Temp\ugdcipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x90A7F510]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x90A808D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x90A7F6FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x90A7E832]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90A7F176]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x90A7E70E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x90A7EEF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x90A80562]
SSDT 9EB3E04C ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90A8015A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x90A7EACE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x90A7F352]
SSDT 9EB3E038 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x90A7ED7E]
SSDT 9EB3E03D ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x90A7FBEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x90A7FEA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x90A80352]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x90A7EA68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x90A7EC6A]
SSDT 9EB3E047 ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x90A7E2F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x90A7F80C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 309 84078900 4 Bytes [10, F5, A7, 90] {ADC CH, DH; CMPSD ; NOP }
.text ntoskrnl.exe!KeInsertQueue + 32D 84078924 8 Bytes [D2, 08, A8, 90, FC, F6, A7, ...]
.text ntoskrnl.exe!KeInsertQueue + 3B1 840789A8 4 Bytes CALL E8881A54
.text ntoskrnl.exe!KeInsertQueue + 3C9 840789C0 4 Bytes [76, F1, A7, 90] {JBE 0xfffffffffffffff3; CMPSD ; NOP }
.text ntoskrnl.exe!KeInsertQueue + 3F5 840789EC 4 Bytes [0E, E7, A7, 90] {PUSH CS; OUT 0xa7, EAX; NOP }
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9100E340, 0x3EE687, 0xE8000020]
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9F05B03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F05B0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F05B0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9F05B130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9F05B137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] WS2_32.dll!WSASocketW 76D134EB 7 Bytes JMP 10025840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[644] WS2_32.dll!WSASocketA 76D18FA9 5 Bytes JMP 10025860 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!WSASocketW 76D134EB 7 Bytes JMP 10025840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!WSASocketA 76D18FA9 5 Bytes JMP 10025860 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CopyFileExA 76DD19F9 5 Bytes JMP 10025B20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!WinExec 76DD5CF7 5 Bytes JMP 10025960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!LoadModule 76DD5E4F 5 Bytes JMP 10025C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] USER32.dll!EndTask 759CAD32 5 Bytes JMP 10027420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserA 76BDCEB9 5 Bytes JMP 1001FF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserW 76BF1EE9 5 Bytes JMP 1001F730 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!OpenServiceA 76BF2EBD 7 Bytes JMP 100265F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!OpenServiceW 76BF8354 7 Bytes JMP 10026890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateServiceW 76C19EB4 7 Bytes JMP 10026B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateServiceA 76C572A1 7 Bytes JMP 10026DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrLoadDll 77249390 5 Bytes JMP 100234C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrUnloadDll 7725BA50 7 Bytes JMP 1001CFE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!LdrGetProcedureAddress 77265A88 5 Bytes JMP 10025CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtAllocateVirtualMemory 77284134 5 Bytes JMP 10025D20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtClose 77284314 5 Bytes JMP 1001CEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtCreateFile 772843D4 5 Bytes JMP 10025DA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtCreateProcess 77284494 5 Bytes JMP 10025E40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtCreateProcessEx 772844A4 5 Bytes JMP 10025E20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtDeleteFile 772847B4 5 Bytes JMP 10025D60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtFreeVirtualMemory 77284944 5 Bytes JMP 10025C60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtLoadDriver 77284A64 5 Bytes JMP 10025D00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtOpenFile 77284BB4 5 Bytes JMP 10025D80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtProtectVirtualMemory 77284D34 5 Bytes JMP 10025D40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtSetInformationProcess 77285324 5 Bytes JMP 10025CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtUnloadDriver 77285574 5 Bytes JMP 10025CE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!NtWriteVirtualMemory 77285674 5 Bytes JMP 10025DC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] ntdll.dll!RtlAllocateHeap 77286570 5 Bytes JMP 10025C80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateProcessW 76D41BF3 5 Bytes JMP 10025DE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateProcessA 76D41C28 5 Bytes JMP 10025E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!VirtualProtect 76D41DC3 5 Bytes JMP 10025940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!OpenFile 76D4355A 5 Bytes JMP 10025BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileW 76D4A2F2 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CopyFileExW 76D50211 7 Bytes JMP 10025B00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CopyFileW 76D50299 5 Bytes JMP 10025B40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!DeleteFileW 76D5F4B6 5 Bytes JMP 10025A00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!DeleteFileA 76D5F5D2 5 Bytes JMP 10025A20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileWithProgressW 76D610A4 5 Bytes JMP 10025A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileExW 76D610C8 5 Bytes JMP 10025A80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryExW 76D69109 7 Bytes JMP 10025BE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryW 76D69362 5 Bytes JMP 10025980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryExA 76D694B4 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!LoadLibraryA 76D694DC 5 Bytes JMP 100259A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!GetProcAddress 76D8903B 5 Bytes JMP 10025C40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!GetModuleHandleA 76D892A5 5 Bytes JMP 100259E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!GetModuleHandleW 76D8A804 5 Bytes JMP 100259C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateFileW 76D8AECB 5 Bytes JMP 10025B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CreateFileA 76D8CE5F 5 Bytes JMP 10025BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileExA 76D90F0A 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileWithProgressA 76D90F2A 5 Bytes JMP 10025A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!CopyFileA 76D92433 5 Bytes JMP 10025B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[860] kernel32.dll!MoveFileA 76DCF641 5 Bytes JMP 10025AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.e
0
Utilisateur anonyme
3 sept. 2010 à 19:29
It doesn't seem to want to copy the whole thing, I'm redoing the scan....
0
Utilisateur anonyme
3 sept. 2010 à 19:39
How do I send it through cijoint.fr if it doesn't accept .log files?
0
Utilisateur anonyme
3 sept. 2010 à 19:44
Also, at the end of all this I have to do re-enable, is that right?
0
Utilisateur anonyme
3 sept. 2010 à 19:52
Re

Relaunch Defogger and click "Re-enable"

then

/!\ You MUST disable all your protection software (antivirus, antispyware) to use this program /!\

2) * Download ComboFix (by sUBs).
* to your desktop and nowhere else

* ComboFix is a program, created by sUBs, that searches your computer for certain malware
and, if it finds any, tries to clean those infections automatically.

* HERE >> ComboFix (by sUBs)
* Close all open windows

/!\ Disconnect from the internet /!\

* Double-click >> ComboFix.exe to launch it
* on Windows 7 / Vista --> don't forget privilege elevation
* (Right-click ComboFix.exe, then Run as administrator in the drop-down menu.)
* Press key 1 to start the scan and follow the instructions given by ComboFix.

** If you are on Windows XP, it will ask you to install the Recovery Console: you absolutely must accept.

** If it offers to install it, temporarily reconnect to the internet

* /!\ Disconnect from the internet after the installation /!\

- Answer yes to the warning message so the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs. /!\
/!\ (don't touch anything while the tool is working, so as not to freeze your PC) /!\

* When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

0
Utilisateur anonyme
3 sept. 2010 à 20:58
ComboFix 10-09-02.04 - kevin 03/09/2010 20:34:02.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.2148 [GMT 2:00]
Lancé depuis: c:\users\kevin\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kevin\AppData\Roaming\Microsoft\Windows\Recent\Register Warcraft III.url
c:\users\kevin\AppData\Roaming\Microsoft\Windows\Recent\TechSupport.url
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
c:\windows\system32\%appdata%
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2010-08-03 au 2010-09-03 ))))))))))))))))))))))))))))))))))))
.

2010-09-03 10:01 . 2010-09-03 10:04 -------- d-----w- c:\program files\ZHPDiag
2010-09-01 23:17 . 2010-09-01 23:20 -------- d-----w- c:\program files\FineRecovery
2010-09-01 22:03 . 2010-09-01 22:03 -------- d-----w- c:\program files\Common Files\Java
2010-09-01 22:02 . 2010-09-01 22:02 -------- d-----w- c:\program files\Java
2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\program files\SIW
2010-08-27 20:52 . 2010-08-27 20:52 40793 ----a-w- C:\UsbFix_Upload_Me_PC-DE-KEVIN.zip
2010-08-27 20:42 . 2010-09-02 20:53 -------- d-----w- C:\UsbFix
2010-08-25 11:05 . 2010-09-02 08:42 -------- d-----w- c:\programdata\COMODO
2010-08-25 11:02 . 2010-08-25 11:02 -------- d-----w- c:\program files\COMODO
2010-08-25 10:59 . 2010-08-25 10:59 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-24 21:43 . 2010-08-24 21:43 -------- d-----w- c:\program files\Microsoft.NET
2010-08-20 10:13 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-20 10:13 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-20 10:13 . 2010-08-20 10:13 -------- d-----w- c:\programdata\Avira
2010-08-20 10:13 . 2010-08-20 10:13 -------- d-----w- c:\program files\Avira
2010-08-20 10:04 . 2010-08-20 10:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-19 21:22 . 2010-08-19 21:22 -------- d-----w- C:\Programme
2010-08-16 14:26 . 2010-09-01 23:26 -------- d-----w- c:\program files\Governor of Poker
2010-08-11 17:33 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 17:33 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 17:33 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 17:33 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 17:33 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 17:33 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 17:31 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 17:31 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 17:31 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 17:31 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-06 13:50 . 2010-09-03 18:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 13:48 . 2010-08-06 13:49 -------- d-----w- c:\programdata\Hitman Pro
2010-08-06 13:48 . 2010-08-06 13:48 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-06 00:47 . 2010-08-06 00:47 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 18:42 . 2008-09-12 19:22 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-03 18:36 . 2008-09-11 03:29 694122 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-03 18:36 . 2008-09-11 03:29 131708 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-03 16:59 . 2009-04-25 16:07 1 ----a-w- c:\users\kevin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-03 16:01 . 2009-04-24 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 10:01 . 2009-10-28 21:14 146771 ----a-w- c:\programdata\nvModes.dat
2010-09-02 00:16 . 2009-04-24 15:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-01 22:02 . 2010-04-15 11:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 04:13 . 2010-05-31 16:17 -------- d-----w- c:\program files\MyDefrag v4.3.1
2010-08-28 02:04 . 2009-05-04 19:54 1356 ----a-w- c:\users\kevin\AppData\Local\d3d9caps.dat
2010-08-28 01:11 . 2010-05-17 23:05 -------- d-----w- c:\program files\BoontyGames
2010-08-27 20:09 . 2010-08-02 17:14 -------- d-----w- c:\program files\CCleaner
2010-08-25 14:25 . 2010-08-31 20:58 614544 ----a-w- c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-25 14:25 . 2010-08-31 20:58 314816 ----a-w- c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-20 17:45 . 2009-08-11 10:46 -------- d-----w- c:\program files\OrangeHSS
2010-08-20 17:45 . 2009-05-02 14:55 -------- d-----w- c:\program files\Google
2010-08-20 17:45 . 2009-04-24 15:27 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-20 10:40 . 2009-04-24 22:25 -------- d-----w- c:\users\kevin\AppData\Roaming\LimeWire
2010-08-20 10:39 . 2010-06-10 14:34 -------- d-----w- c:\program files\LimeWire
2010-08-20 10:21 . 2009-11-11 00:00 -------- d-----w- c:\program files\FileHippo.com
2010-08-20 10:02 . 2009-04-26 11:01 -------- d-----w- c:\users\kevin\AppData\Roaming\Media Player Classic
2010-08-16 13:48 . 2009-09-27 18:08 -------- d-----w- c:\program files\Glary Utilities
2010-08-11 17:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-03 20:31 . 2010-07-31 11:48 -------- d-----w- c:\users\kevin\AppData\Roaming\vlc
2010-07-30 02:00 . 2009-04-26 10:36 -------- d-----w- c:\users\kevin\AppData\Roaming\dvdcss
2010-07-19 17:41 . 2010-07-19 17:41 -------- d-----w- c:\program files\Microsoft
2010-07-19 17:41 . 2009-04-24 13:24 -------- d-----w- c:\program files\Windows Live
2010-07-18 21:19 . 2009-11-11 10:21 -------- d-----w- c:\program files\Navilog1
2010-07-18 21:19 . 2009-09-08 20:12 -------- d-----w- c:\program files\Opera
2010-07-18 21:19 . 2009-05-23 17:35 -------- d-----w- c:\program files\Personal Media Manager
2010-07-18 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-07 01:10 . 2010-06-14 23:42 -------- d-----w- c:\users\kevin\AppData\Roaming\Bioshock2
2010-06-26 06:05 . 2010-08-11 17:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 17:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 17:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 17:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-15 22:09 . 2010-06-15 22:09 53248 ----a-r- c:\users\kevin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-15 22:09 . 2010-03-05 15:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gamesurround Muse Pocket.lnk]
backup=c:\windows\pss\Gamesurround Muse Pocket.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear ARIA Device Manager.lnk]
backup=c:\windows\pss\Philips GoGear ARIA Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six Vegas.LNK]
path=c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Tom Clancy's Rainbow Six Vegas.LNK
backup=c:\windows\pss\Registration Tom Clancy's Rainbow Six Vegas.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth Connection Assistant]
LBTWIZ.EXE -silent [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
2006-03-20 19:43 331776 ----a-w- c:\program files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2008-06-10 09:14 107248 ----a-w- c:\program files\OrangeHSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cd,0a,49,9a,45,e1,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-09-03 16968]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-21 691696]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-09-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-09-27 09:21]

2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{4FEB54DB-9D61-49A8-AB33-2D3870B644B6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CD88DEB8-6213-4BF3-B673-FCD554128948} = 192.168.1.1,192.168.1.1
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8971.cab
FF - ProfilePath - c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\users\kevin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 20:44
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(1804)
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-09-03 20:50:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-03 18:50

Avant-CF: 40 427 712 512 octets libres
Après-CF: 40 093 474 816 octets libres

- - End Of File - - 73595A61D37674EA34FFBA51C95C5DC6
0
Anonymous user
4 Sept. 2010 at 12:26
Hi


1)> create a new text document on your desktop
> to do that, right-click on the desktop > New > Text document
> copy and paste the contents of the quote below into it



KillAll::

Folder::
c:\programdata\nvModes.dat



Follow the saving procedure below to the letter, it's very important

> then click "File" > "Save as..."
> in the save window, choose the desktop as the destination
> under type choose "All files" > and under file name type CFScript.txt
> then click save and close the text document.

> drag and drop (left-click held down on CFScript.txt and drag) this CFScript.txt file onto the ComboFix.exe file as in this screenshot


Image >> screenshot


> a blue window will appear >> follow the instructions
> wait for the scan to finish. The desktop will disappear several times, that's normal!
> don't touch anything until the scan has finished
> once the scan is done, a report will be displayed; save it to your desktop

/!\ You must restart your PC /!\

post the contents of the CFScript.txt report in your next reply.
> if the report doesn't open, it is located at C:\ComboFix.txt


then

2)* I saw that you have Malwarebytes

* Launch --> Malwarebytes (MBAM)
* Do an update <== to be done
* Then go to the "Scanner" tab, tick >> Perform full scan
* then "Scan"
* Select your hard drives, then click "Start scan"
* At the end of the scan, click Show results, then Save report
* If Malwarebytes detects infections, click ==> Show results, then ==> Remove selected
* If you are asked to restart, click "yes"
* after the infection(s) found have been removed --> post the report here


then


3) you have CCleaner

* Launch CCleaner.
* Then click Options ==> Advanced and untick the box
* Only delete files in Windows Temp folders older than 24 hours
* Click the ==> Cleaner tab, then ==> Run Cleaner.
* Then click the ==> Registry icon, on the right, click ==> Scan for issues, then "Fix selected issues".
* Accept the registry backup it offers
* I advise you to run it at least twice (or more, until it finds no more errors.)



4) Post a new ZHPDiag log





CCM Security Contributor Member
Windows Vista // Windows XP
0
Anonymous user
4 Sept. 2010 at 23:26
I'm posting the logs but they don't stay....
0
Anonymous user
4 Sept. 2010 at 23:26
ComboFix 10-09-03.02 - kevin 04/09/2010 14:41:28.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1982 [GMT 2:00]
Lancé depuis: c:\users\kevin\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\kevin\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-08-04 au 2010-09-04 ))))))))))))))))))))))))))))))))))))
.

2010-09-04 12:48 . 2010-09-04 12:50 -------- d-----w- c:\users\kevin\AppData\Local\temp
2010-09-04 12:48 . 2010-09-04 12:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-04 12:48 . 2010-09-04 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-01 23:17 . 2010-09-01 23:20 -------- d-----w- c:\program files\FineRecovery
2010-09-01 22:03 . 2010-09-01 22:03 -------- d-----w- c:\program files\Common Files\Java
2010-09-01 22:02 . 2010-09-01 22:02 -------- d-----w- c:\program files\Java
2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\program files\SIW
2010-08-27 20:52 . 2010-08-27 20:52 40793 ----a-w- C:\UsbFix_Upload_Me_PC-DE-KEVIN.zip
2010-08-25 11:05 . 2010-09-02 08:42 -------- d-----w- c:\programdata\COMODO
2010-08-25 11:02 . 2010-08-25 11:02 -------- d-----w- c:\program files\COMODO
2010-08-25 10:59 . 2010-08-25 10:59 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-24 21:43 . 2010-08-24 21:43 -------- d-----w- c:\program files\Microsoft.NET
2010-08-20 10:13 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-20 10:13 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-20 10:13 . 2010-08-20 10:13 -------- d-----w- c:\programdata\Avira
2010-08-20 10:13 . 2010-08-20 10:13 -------- d-----w- c:\program files\Avira
2010-08-20 10:04 . 2010-08-20 10:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-19 21:22 . 2010-08-19 21:22 -------- d-----w- C:\Programme
2010-08-16 14:26 . 2010-09-01 23:26 -------- d-----w- c:\program files\Governor of Poker
2010-08-11 17:33 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 17:33 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 17:33 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 17:33 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 17:33 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 17:33 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 17:31 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 17:31 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 17:31 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 17:31 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-06 13:50 . 2010-09-04 12:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 13:48 . 2010-08-06 13:49 -------- d-----w- c:\programdata\Hitman Pro
2010-08-06 13:48 . 2010-08-06 13:48 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-06 00:47 . 2010-08-06 00:47 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 12:48 . 2008-09-12 19:22 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-04 12:37 . 2010-09-03 10:01 -------- d-----w- c:\program files\ZHPDiag
2010-09-04 12:34 . 2008-09-11 03:29 694122 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-04 12:34 . 2008-09-11 03:29 131708 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-04 02:20 . 2009-10-28 21:14 146771 ----a-w- c:\programdata\nvModes.dat
2010-09-04 01:44 . 2009-04-24 15:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 16:59 . 2009-04-25 16:07 1 ----a-w- c:\users\kevin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-03 16:01 . 2009-04-24 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-01 22:02 . 2010-04-15 11:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 04:13 . 2010-05-31 16:17 -------- d-----w- c:\program files\MyDefrag v4.3.1
2010-08-28 02:04 . 2009-05-04 19:54 1356 ----a-w- c:\users\kevin\AppData\Local\d3d9caps.dat
2010-08-28 01:11 . 2010-05-17 23:05 -------- d-----w- c:\program files\BoontyGames
2010-08-27 20:09 . 2010-08-02 17:14 -------- d-----w- c:\program files\CCleaner
2010-08-25 14:25 . 2010-08-31 20:58 614544 ----a-w- c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-25 14:25 . 2010-08-31 20:58 314816 ----a-w- c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-20 17:45 . 2009-08-11 10:46 -------- d-----w- c:\program files\OrangeHSS
2010-08-20 17:45 . 2009-05-02 14:55 -------- d-----w- c:\program files\Google
2010-08-20 17:45 . 2009-04-24 15:27 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-20 10:40 . 2009-04-24 22:25 -------- d-----w- c:\users\kevin\AppData\Roaming\LimeWire
2010-08-20 10:39 . 2010-06-10 14:34 -------- d-----w- c:\program files\LimeWire
2010-08-20 10:21 . 2009-11-11 00:00 -------- d-----w- c:\program files\FileHippo.com
2010-08-20 10:02 . 2009-04-26 11:01 -------- d-----w- c:\users\kevin\AppData\Roaming\Media Player Classic
2010-08-16 13:48 . 2009-09-27 18:08 -------- d-----w- c:\program files\Glary Utilities
2010-08-11 17:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-03 20:31 . 2010-07-31 11:48 -------- d-----w- c:\users\kevin\AppData\Roaming\vlc
2010-07-30 02:00 . 2009-04-26 10:36 -------- d-----w- c:\users\kevin\AppData\Roaming\dvdcss
2010-07-19 17:41 . 2010-07-19 17:41 -------- d-----w- c:\program files\Microsoft
2010-07-19 17:41 . 2009-04-24 13:24 -------- d-----w- c:\program files\Windows Live
2010-07-18 21:19 . 2009-11-11 10:21 -------- d-----w- c:\program files\Navilog1
2010-07-18 21:19 . 2009-09-08 20:12 -------- d-----w- c:\program files\Opera
2010-07-18 21:19 . 2009-05-23 17:35 -------- d-----w- c:\program files\Personal Media Manager
2010-07-18 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-07 01:10 . 2010-06-14 23:42 -------- d-----w- c:\users\kevin\AppData\Roaming\Bioshock2
2010-06-26 06:05 . 2010-08-11 17:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 17:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 17:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 17:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-15 22:09 . 2010-06-15 22:09 53248 ----a-r- c:\users\kevin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-15 22:09 . 2010-03-05 15:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gamesurround Muse Pocket.lnk]
backup=c:\windows\pss\Gamesurround Muse Pocket.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear ARIA Device Manager.lnk]
backup=c:\windows\pss\Philips GoGear ARIA Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six Vegas.LNK]
path=c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Tom Clancy's Rainbow Six Vegas.LNK
backup=c:\windows\pss\Registration Tom Clancy's Rainbow Six Vegas.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth Connection Assistant]
LBTWIZ.EXE -silent [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
2006-03-20 19:43 331776 ----a-w- c:\program files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2008-06-10 09:14 107248 ----a-w- c:\program files\OrangeHSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cd,0a,49,9a,45,e1,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-21 691696]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-09-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-09-27 09:21]

2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{4FEB54DB-9D61-49A8-AB33-2D3870B644B6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CD88DEB8-6213-4BF3-B673-FCD554128948} = 192.168.1.1,192.168.1.1
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8971.cab
FF - ProfilePath - c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\users\kevin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i2jlzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 14:50
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3100)
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-09-04 14:57:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-04 12:57
ComboFix2.txt 2010-09-03 18:50

Avant-CF: 42 198 335 488 octets libres
Après-CF: 42 041 233 408 octets libres

- - End Of File - - C6C73A1B9CA5558368382081B24FFC2B
0
Anonymous user
5 Sept. 2010 at 00:45
Hi

* Download OTM (OldTimer) to your Desktop

HERE >> OTM (OldTimer)
- Right-click "OTMoveIt3.exe" and choose "Run as administrator" to launch it.
- Copy (Ctrl+C) the following text in bold below:



:files
c:\programdata\nvModes.dat



:commands
[emptytemp]
[Reboot]




- Paste (Ctrl+V) the text you just copied into the box: Paste Instructions for Items to be Moved.
- Now click the MoveIt! button
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report name corresponds to the time it was created: date_time.log
0
Anonymous user
5 Sept. 2010 at 06:20
OK, here's the log. And tell me, is my PC really that infected? Because I'm running quite a few programs here. For example, what is OTM for?


All processes killed
========== FILES ==========
c:\programdata\nvModes.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kevin
->Temp folder emptied: 33035 bytes
->Temporary Internet Files folder emptied: 66407 bytes
->Java cache emptied: 40900903 bytes
->FireFox cache emptied: 41688865 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 494 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104022 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2645855 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13413477 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94,00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 09052010_061650

Files moved on Reboot...

Registry entries deleted on Reboot...
0
Hi

most of the tools I suggest come with an explanation, apart from OTM (OldTimer)

OTM is a small tool for removing stubborn files


1) post a new ZHPDiag log




CCM Security Contributor Member
Windows Vista // Windows XP
0
Anonymous user
5 Sept. 2010 at 17:40
I posted the log..... but it doesn't show up.
0
Anonymous user
5 Sept. 2010 at 17:34
Rapport de ZHPDiag v1.26.582 par Nicolas Coolman, Update du 03/09/2010
Run by kevin at 05/09/2010 15:35:51
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18943
MFIE: Mozilla Firefox (3.6.8)

---\\ System Information
Platform : Windows Vista (TM) Home Premium (6.0.6002) Service Pack 2
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3065 MB (65% free)
System drive C: has 38 GB (34%) free of 112 GB

---\\ Logged in mode
Computer Name: PC-DE-KEVIN
User Name: kevin
All Users Names: kevin, Administrateur,
Unselected Option: O1,O45,O61,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 38 Go of 112 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 18 Go of 111 Go)
E:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK


---\\ Processus lancés
[MD5.29882864B54CC3B8A9B5877A263AC0E5] - (.SAMSUNG Electronics co., LTD. - Easy Battery Manager 3.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [352256]
[MD5.C4EEDFAB3F44092BBF5D03142C7E164E] - (.SAMSUNG Electronics - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [688128]
[MD5.06F7D67EC4D15F11A2923268BAA937D3] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [300912]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.A37B2AB33BFF3C6705DC2C016328DD2F] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416]
[MD5.EB57A9927A39EB86194D664E781633B7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6111232]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.E25076570C6CC864043047325AF16F44] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2039240]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552]
[MD5.BACCDA841C689D1CBA941F478E8ED24B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [910296]
[MD5.41E891E0A6CE1DE87E980F8A117227FD] - (.SurfRight B.V. - Hitman Pro 3.5.) -- C:\Program Files\Hitman Pro 3.5\HitmanPro-3.5.6.108.exe [6293312]
[MD5.406B889157DB84032CE6A51D043CAE29] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528]
[MD5.7EE856AB0E8D63B4D180CE580E14A376] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [548352]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Total Immersion - D'Fusion @Home Web Plug-In (2.20.10609.0).) -- C:\Program Files\Mozilla Firefox\Plugins\NPDFusionWebFirefox.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.3.4".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.69.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.Pas de propriétaire - D'Fusion Web Plugin (2.00.7293.0).) -- C:\Program Files\Mozilla Firefox\Plugins\nptidfusionplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe16244.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.8.612.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50826.0.) -- c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.69] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.69] - (.RealNetworks, Inc. - 6.0.12.69.) -- C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] - (.Total Immersion - D'Fusion @Home Web Plug-In (2.20.10609.0).) -- C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
P2 - FPN: [HKLM] [@t-immersion.com/DFusionWeb] - (.Pas de propriétaire - D'Fusion Web Plugin (2.00.7293.0).) -- C:\Program Files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.1] - (.the VideoLAN Team - Version 1.1.1, copyright 1996-2010 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\kevin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Pas de propriétaire - Pas de description.) (No version) -- C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Search Class - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {00e71626-0bef-11dc-8314-0800200c9a66} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} . (.ArcSoft, Inc. - ArcURLRecord Module.) -- C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - (.not file.) - C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD88DEB8-6213-4BF3-B673-FCD554128948}: NameServer = 192.168.1.1,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD88DEB8-6213-4BF3-B673-FCD554128948}: NameServer = 192.168.1.1,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD88DEB8-6213-4BF3-B673-FCD554128948}: NameServer = 192.168.1.1,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1359FA-C05B-4E98-B31F-5EE91DD487FF}: DhcpNameServer = 10.192.168.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDEE5E5A-6027-472F-8F74-F9573CD578B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C1359FA-C05B-4E98-B31F-5EE91DD487FF}: DhcpNameServer = 10.192.168.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DDEE5E5A-6027-472F-8F74-F9573CD578B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6C1359FA-C05B-4E98-B31F-5EE91DD487FF}: DhcpNameServer = 10.192.168.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDEE5E5A-6027-472F-8F74-F9573CD578B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1359FA-C05B-4E98-B31F-5EE91DD487FF}: DhcpDomain = wifipass.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C1359FA-C05B-4E98-B31F-5EE91DD487FF}: DhcpDomain = wifipass.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{6C1359FA-C05B-4E98-B31F-5EE91DD487FF}: DhcpDomain = wifipass.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.192.168.1


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.COMODO - COMODO Internet Security.) - C:\Windows\System32\guard32.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) . (.ArcSoft Inc. - ArcSoft Connect Service.) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) . (.France Telecom SA - Pas de description.) - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 176.2.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 5 (TeamViewer5) . (.TeamViewer GmbH - TeamViewer Service.) - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{4FEB54DB-9D61-49A8-AB33-2D3870B644B6}.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: LightScribe Control Panel - {10880D85-AAD9-4558-ABDC-2AB1552D831F} . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\Windows\system32\Macromed\Flash\Flash10i.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: COMODO Internet Security Sandbox Driver (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\system32\DRIVERS\cmdguard.sys
O41 - Driver: COMODO Internet Security Helper Driver (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys
O41 - Driver: COMODO Internet Security Firewall Driver (inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\system32\DRIVERS\inspect.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.) [HKLM] -- 7-Zip
O42 - Logiciel: AGEIA PhysX v2.3.3 - (.Pas de propriétaire.) [HKLM] -- AGEIA PhysX v2.3.3
O42 - Logiciel: AVS Media Player 3.1 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Media Player_is1
O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager_is1
O42 - Logiciel: AVS4YOU Software Navigator 1.3 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Software Navigator_is1
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.3.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A93000000001}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Agere Systems HDA Modem - (.Agere Systems.) [HKLM] -- Agere Systems Soft Modem
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Atheros WLAN Client - (.Pas de propriétaire.) [HKLM] -- {04983D37-2202-4295-94A2-8B547C66133F}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: BioShock 2 - (.2K Games.) [HKLM] -- {4A8B461A-9336-4CF9-98F4-14DD38E673F0}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: COMODO Internet Security - (.COMODO Group Inc..) [HKLM] -- {CC6B1BB4-4E06-4A5B-A166-B371B551324B}
O42 - Logiciel: Code de la Route Pratic - (.Micro Application.) [HKLM] -- {D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}
O42 - Logiciel: Composants Internet Partagés de Westwood - (.Pas de propriétaire.) [HKLM] -- WOLAPI
O42 - Logiciel: DeepBurner v1.9.0.228 - (.Pas de propriétaire.) [HKLM] -- {2ADE2157-7A5E-122C-B51D-EB8A01B15943}
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: EVEREST Ultimate Edition v5.01 - (.Lavalys, Inc..) [HKLM] -- EVEREST Ultimate Edition_is1
O42 - Logiciel: Easy Battery Manager - (.Pas de propriétaire.) [HKLM] -- {6F730513-8688-4C3C-90A3-6B9792CE2EF3}
O42 - Logiciel: Easy Display Manager - (.Samsung.) [HKLM] -- {17283B95-21A8-4996-97DA-547A48DB266F}
O42 - Logiciel: Easy Network Manager 4.0 - (.Samsung.) [HKLM] -- InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}
O42 - Logiciel: Facebook Plug-In - (.Facebook, Inc..) [HKCU] -- Facebook Plug-In
O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) - (.Microsoft Corporation.) [HKLM] -- {3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
O42 - Logiciel: FileHippo.com Update Checker - (.Pas de propriétaire.) [HKLM] -- FileHippo.com
O42 - Logiciel: Free Video Converter V 2.8 - (.Koyote Soft.) [HKLM] -- Free Video Converter_is1
O42 - Logiciel: Gamesurround Muse Pocket - (.Pas de propriétaire.) [HKLM] -- {994FF32C-6CAD-467D-986B-A01D27BCE0AF}
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: GoGear ARIA Device Manager - (.Philips.) [HKLM] -- {43B0D334-9A1B-4257-9E51-D3813BD8B9D0}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {BF1EC9C0-9C10-11DF-BBC7-005056C00008}
O42 - Logiciel: Hitman Pro 3.5 - (.SurfRight B.V..) [HKLM] -- HitmanPro35
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java(TM) 6 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF}
O42 - Logiciel: K-Lite Mega Codec Pack 4.7.0 - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: LimeWire 5.5.14 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Media Converter for Philips - (.ArcSoft.) [HKLM] -- {E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}
O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft SOAP Toolkit 2.0 SP2 - (.Microsoft Corporation.) [HKLM] -- {36BEAD11-8577-49AD-9250-E06A50AE87B0}
O42 - Logiciel: Microsoft SQL Server Native Client - (.Microsoft Corporation.) [HKLM] -- {1F24E48F-7692-4E89-8784-68DD4D2712A0}
O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM] -- {A30179B7-997A-4D47-AA43-57AE59A9C78B}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 - (.Microsoft Corporation.) [HKLM] -- {E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Xbox 360 Accessories 1.1 - (.Microsoft.) [HKLM] -- {9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Mozilla Firefox (3.6.8) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.8)
O42 - Logiciel: MyDefrag v4.3.1 - (.J.C. Kessels.) [HKLM] -- MyDefrag v4.3.1_is1
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: OF Dragon Rising - (.Codemasters.) [HKLM] -- {1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}
O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {97B3824E-B2D2-4C49-A860-BCA56F10B040}
O42 - Logiciel: Orange - Logiciels Internet - (.Pas de propriétaire.) [HKLM] -- {ORAHSS}.UninstallSuite
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Personal Media Manager 2.90 - (.Pas de propriétaire.) [HKLM] -- Personal Media Manager 2.90
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SIW version 2010.07.14 - (.Topala Software Solutions.) [HKLM] -- {AB67580-257C-45FF-B8F4-C8C30682091A}_is1
O42 - Logiciel: Samsung Recovery Solution III - (.Samsung.) [HKLM] -- {145DE957-0679-4A2A-BB5C-1D3E9808FAB2}
O42 - Logiciel: Samsung Update Plus - (.Samsung Electronics Co., Ltd..) [HKLM] -- {D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-5464-3428-900000000004}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: System Requirements Lab - (.Pas de propriétaire.) [HKLM] -- SystemRequirementsLab
O42 - Logiciel: TeamViewer 5 - (.TeamViewer GmbH.) [HKLM] -- TeamViewer 5
O42 - Logiciel: Tom Clancy's H.A.W.X - (.Ubisoft.) [HKLM] -- {6E36A172-06FB-4BC8-B7FC-D30D219E6776}
O42 - Logiciel: Tom Clancy's Rainbow Six Vegas - (.Ubisoft.) [HKLM] -- {5731C0A8-B266-451A-8D3F-8066AA21836F}
O42 - Logiciel: Total Immersion D'Fusion @Home Web Plug-In - (.Total Immersion.) [HKLM] -- D'Fusion @Home Web Plug-In
O42 - Logiciel: Total Immersion D'Fusion Web Plugin - (.Total Immersion.) [HKLM] -- DFusionWeb
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.1.1 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Vimicro UVC Camera - (.Vimicro Corporation.) [HKLM] -- {71A51B09-E7D3-11DB-A386-005056C00008}
O42 - Logiciel: WIDCOMM Bluetooth Software 6.0.1.6300 - (.WIDCOMM, Inc..) [HKLM] -- {03D1988F-469F-4843-8E6E-E5FE9D17889D}
O42 - Logiciel: WOT for Internet Explorer - (.Against Intuition Oy.) [HKLM] -- {DB6BD5D5-8482-45C0-99CF-745C5B924497}
O42 - Logiciel: Warcraft III - (.Blizzard Entertainment.) [HKLM] -- Warcraft III
O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule
O42 - Logiciel: eReg - (.Logitech, Inc..) [HKLM] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
O42 - Logiciel: erLT - (.Logitech, Inc..) [HKLM] -- {A498D9EB-927B-459B-85D6-DD6EF8C2C564}
O42 - Logiciel: imagine digital freedom - Samsung - (.Samsung Electronics Co., LTD.) [HKLM] -- {00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\2015]
[HKCU\Software\3rd Eye Solutions]
[HKCU\Software\7-Zip]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\Against Intuition]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\ArcSoft]
[HKCU\Software\Astonsoft]
[HKCU\Software\Avira]
[HKCU\Software\BitDefender]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ComodoGroup]
[HKCU\Software\Comodo]
[HKCU\Software\CoreVorbis]
[HKCU\Software\DT Soft]
[HKCU\Software\DivXNetworks]
[HKCU\Software\FileHippo.com]
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\GameSpy]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\LG PC Suite2]
[HKCU\Software\Lavalys]
[HKCU\Software\Leadertech]
[HKCU\Software\LightScribe]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MimarSinan]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\MyDefrag]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PT]
[HKCU\Software\Patchou]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Royal Philips]
[HKCU\Software\SWFlash Savers]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Samsung]
[HKCU\Software\Secrett]
[HKCU\Software\SecuROM]
[HKCU\Software\Skype]
[HKCU\Software\Smart PC Solutions]
[HKCU\Software\Sun Microsystems]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\TeamViewer]
[HKCU\Software\Trolltech]
[HKCU\Software\TuneUp]
[HKCU\Software\Ubisoft]
[HKCU\Software\VirtualDJ]
[HKCU\Software\Widcomm]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\eMule]
[HKLM\Software\2K Games]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ASKInstaller]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Alienware]
[HKLM\Software\America Online]
[HKLM\Software\AppDataLow]
[HKLM\Software\ArcSoft]
[HKLM\Software\Avira]
[HKLM\Software\Blizzard Entertainment]
[HKLM\Software\Boonty]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Codemasters]
[HKLM\Software\ComodoGroup]
[HKLM\Software\DT Soft]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\GNU]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hitman Pro]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Inventel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Panda Software]
[HKLM\Software\Paprikari]
[HKLM\Software\Patchou]
[HKLM\Software\Philips]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\ReflexiveArcade]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S3R521]
[HKLM\Software\SECURITOO]
[HKLM\Software\SWIFTDOG]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Samsung]
[HKLM\Software\Sonic]
[HKLM\Software\Swearware]
[HKLM\Software\Synaptics]
[HKLM\Software\TeamViewer]
[HKLM\Software\Thomson]
[HKLM\Software\Total Immersion]
[HKLM\Software\TrendMicro]
[HKLM\Software\Trolltech]
[HKLM\Software\TuneUp]
[HKLM\Software\Ubisoft]
[HKLM\Software\VideoLAN]
[HKLM\Software\Vimicro Corporation]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Westwood]
[HKLM\Software\Widcomm]
[HKLM\Software\WinRAR]
[HKLM\Software\X-AVCSD]
[HKLM\Software\ZSMC]
[HKLM\Software\ahead]
[HKLM\Software\mozilla.org]
[HKLM\Software\woohook]


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\2K Games
O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\AGEIA Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Astonsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Atheros WLAN Client
O43 - CFD:Common File Directory ----D- C:\Program Files\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU
O43 - CFD:Common File Directory ----D- C:\Program Files\BoontyGames
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Codemasters
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\COMODO
O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD:Common File Directory ----D- C:\Program Files\Defraggler
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FileHippo.com
O43 - CFD:Common File Directory ----D- C:\Program Files\FineRecovery
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Video Converter
O43 - CFD:Common File Directory ----D- C:\Program Files\Glary Utilities
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Governor of Poker
O43 - CFD:Common File Directory ----D- C:\Program Files\Hitman Pro 3.5
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Inventel
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys
O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Xbox 360 Accessories
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Mio Technology
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MyDefrag v4.3.1
O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Opera
O43 - CFD:Common File Directory ----D- C:\Program Files\OrangeHSS
O43 - CFD:Common File Directory ----D- C:\Program Files\Personal Media Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\ReflexiveArcade
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Securitoo
O43 - CFD:Common File Directory ----D- C:\Program Files\SIW
O43 - CFD:Common File Directory ----D- C:\Program Files\Smart PC Solutions
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\Synaptics
O43 - CFD:Common File Directory ----D- C:\Program Files\SystemRequirementsLab
O43 - CFD:Common File Directory ----D- C:\Program Files\TeamViewer
O43 - CFD:Common File Directory ----D- C:\Program Files\Total Immersion
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Vimicro Corporation
O43 - CFD:Common File Directory ----D- C:\Program Files\Warcraft III
O43 - CFD:Common File Directory ----D- C:\Program Files\Western Digital
O43 - CFD:Common File Directory ----D- C:\Program Files\WIDCOMM
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Portable Devices
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\WOT
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Blizzard Entertainment
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\BOONTY Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Logishrd
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\ProgramData\Adobe
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Application Data
O43 - CFD:Common File Directory --H-D- C:\ProgramData\ArcSoft
O43 - CFD:Common File Directory ----D- C:\ProgramData\Avira
O43 - CFD:Common File Directory ----D- C:\ProgramData\BOONTY
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Bureau
O43 - CFD:Common File Directory --H-D- C:\ProgramData\CanonBJ
O43 - CFD:Common File Directory ----D- C:\ProgramData\COMODO
O43 - CFD:Common File Directory ----D- C:\ProgramData\Comodo Downloader
O43 - CFD:Common File Directory ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Desktop
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Documents
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favoris
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favorites
O43 - CFD:Common File Directory ----D- C:\ProgramData\Hitman Pro
O43 - CFD:Common File Directory ----D- C:\ProgramData\Kaspersky Lab Setup Files
O43 - CFD:Common File Directory ----D- C:\ProgramData\LightScribe
O43 - CFD:Common File Directory ----D- C:\ProgramData\Logishrd
O43 - CFD:Common File Directory ----D- C:\ProgramData\ma-config.com
O43 - CFD:Common File Directory ----D- C:\ProgramData\Malwarebytes
O43 - CFD:Common File Directory ----D- C:\ProgramData\McAfee
O43 - CFD:Common File Directory ----D- C:\ProgramData\Media Center Programs
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD:Common File Directory ----D- C:\ProgramData\Messenger Plus!
O43 - CFD:Common File Directory ----D- C:\ProgramData\Micro Application
O43 - CFD:Common File Directory -S--D- C:\ProgramData\Microsoft
O43 - CFD:Common File Directory ----D- C:\ProgramData\Microsoft Help
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Modèles
O43 - CFD:Common File Directory ----D- C:\ProgramData\Nero
O43 - CFD:Common File Directory ----D- C:\ProgramData\NVIDIA
O43 - CFD:Common File Directory ----D- C:\ProgramData\Roaming
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\SecuROM
O43 - CFD:Common File Directory ----D- C:\ProgramData\Skype
O43 - CFD:Common File Directory ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Start Menu
O43 - CFD:Common File Directory ----D- C:\ProgramData\Sun
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Templates
O43 - CFD:Common File Directory ----D- C:\ProgramData\TuneUp Software
O43 - CFD:Common File Directory ----D- C:\ProgramData\VistaCodecs
O43 - CFD:Common File Directory ----D- C:\ProgramData\WLInstaller


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.526255A38E3390DA7D4DA04844FE5447] - 05/09/2010 - 14:33:11 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 05:53:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [351837]
O44 - LFC:[MD5.FBB57D7D4FE8853C515C988D7F44213A] - 05/09/2010 - 05:25:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [1556232]
O44 - LFC:[MD5.9AEF8032F6B3777F84E5613EBE438BA8] - 05/09/2010 - 05:25:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [113074]
O44 - LFC:[MD5.008E18FD3AB618665FE95C20D64C9F8F] - 05/09/2010 - 05:25:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc00C.dat [136790]
O44 - LFC:[MD5.D81AC5530B2692CFC9E62BA946426B97] - 05/09/2010 - 05:25:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [605384]
O44 - LFC:[MD5.85C0E44122DBE6088D626616F259A19D] - 05/09/2010 - 05:25:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh00C.dat [709202]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 04/09/2010 - 13:50:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 04/09/2010 - 13:37:46 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Windows\SWXCACLS.exe [212480]
O44 - LFC:[MD5.9A035ACDB3202E3894252C4C4E0874C8] - 04/09/2010 - 13:29:13 ---A- . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\drivers\hitmanpro35.sys [16968]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 03/09/2010 - 19:29:38 ---A- . (.NirSoft - NirCmd.) -- C:\Windows\NIRCMD.exe [31232]
O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 03/09/2010 - 19:29:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\MBR.exe [77312]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 03/09/2010 - 19:29:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PEV.exe [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 03/09/2010 - 19:29:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 03/09/2010 - 19:29:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 03/09/2010 - 19:29:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 03/09/2010 - 19:29:38 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Windows\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 03/09/2010 - 19:29:38 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\Windows\SWSC.exe [136704]
O44 - LFC:[MD5.359B080F9226D078847E363C7AEDA903] - 01/09/2010 - 23:02:13 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\javaw.exe [145184]
O44 - LFC:[MD5.06CCE24882D9577D3795432E1B22FE4A] - 01/09/2010 - 23:02:13 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\Windows\System32\javaws.exe [153376]
O44 - LFC:[MD5.E4478DF37C06221A5E3F4EAE52F88F90] - 01/09/2010 - 23:02:12 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\java.exe [145184]
O44 - LFC:[MD5.0686CD90E881F84A2950951A305443E7] - 01/09/2010 - 23:02:11 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\deployJava1.dll [423656]
O44 - LFC:[MD5.04046F5490A71584D5EB3D644EDCE02A] - 27/08/2010 - 21:52:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix_Upload_Me_PC-DE-KEVIN.zip [40793]
O44 - LFC:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 20/08/2010 - 11:13:24 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\drivers\avipbb.sys [96104]
O44 - LFC:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 20/08/2010 - 11:13:24 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\drivers\avgntflt.sys [56816]
O44 - LFC:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 20/08/2010 - 11:13:23 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\drivers\ssmdrv.sys [28520]
O44 - LFC:[MD5.DF04DDB971EE472DA33257313DA8A250] - 11/08/2010 - 20:28:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FNTCACHE.DAT [393392]
O44 - LFC:[MD5.3F337DD54339BEAF26917D3A0A32C1DE] - 11/08/2010 - 18:33:59 ---A- . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll [81920]


---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" [Enabled] .(.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe


---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro35.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\hitmanpro35.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\hitmanpro35.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\Windows\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm
O52 - TDSD: \Drivers32\"VIDC.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="AC3ACM.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\AC3ACM.acm
O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \Drivers32\"msacm.voxacm160"="vct3216.acm" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\Windows\System32\vct3216.acm
O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\Windows\System32\scg726.acm
O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\Windows\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX Audio" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm
O52 - TDSD: \drivers.desc\"divx.dll"="DivX 5.0.5 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="XviD MPEG-4 Video Codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Decompressor" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"vct3216.acm"="Voxware Compression Toolkit" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\Windows\System32\vct3216.acm
O52 - TDSD: \drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"mpg4c32.dll"="MS MPEG-4 v1,2,3 driver 4.1.0.3927" . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\AGEIA PhysX SysTray [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
O53 - SMSR:HKLM\...\startupreg\ArcSoft Connection Service [Key] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O53 - SMSR:HKLM\...\startupreg\FileHippo.com [Key] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O53 - SMSR:HKLM\...\startupreg\LightScribe Control Panel [Key] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\Malwarebytes Anti-Malware (reboot) [Key] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O53 - SMSR:HKLM\...\startupreg\ORAHSSSessionManager [Key] . (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\WMPNSCFG [Key] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O53 - SMSR:HKLM\...\startupreg\XboxStat [Key] . (.Microsoft Corporation - XBoxStat.exe.) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\
0
Anonymous user
5 Sept. 2010 at 18:21
Re

the ZHPDiag report is incomplete

either you host the report on this site,
>> Cijoint.fr
* then copy/paste the link provided into your next reply on the forum.


* To help you host the report:
* go to Cijoint.fr
* click on Parcourir (Browse)
* find >> the report you just saved, which should be on your desktop, for example
* and confirm by clicking on >> Cliquez ici pour déposer le Fichier (Click here to upload the file)
* a link like http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt will be generated for you,
* you just need to post it here so that I can see the report


otherwise copy/paste it in several parts
0
Anonymous user
5 Sept. 2010 at 18:42
http://www.cijoint.fr/cjlink.php?file=cj201009/cijCAyx4ZZ.txt

there you go ;)
0
Anonymous user
5 Sept. 2010 at 19:27
Hi

How is your PC doing??

do this

-+-+-+-+-> ZHPFix <-+-+-+-+-


* close all open applications.
* Copy all the text shown in bold in the box below
* (select it with your mouse >> right-click on it and choose "copy", or press Ctrl+C)



O2 - BHO: (no name) - {00e71626-0bef-11dc-8314-0800200c9a66} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
[HKLM\Software\ASKInstaller]
[HKLM\Software\Boonty]
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\BOONTY Shared
O43 - CFD:Common File Directory ----D- C:\ProgramData\BOONTY





* Double-click the ZHPFix icon on the desktop to launch it.
* Windows 7/Vista >> Right-click the ZHPFix shortcut and choose "Run as administrator"
* Once the ZHPFix tool is open,

* click the [ H ] button ("paste the Helper lines"); click to see ==> [ http://tinypic.com/images/goodbye.jpg Image ].

* In the main box
* you will see the lines you copied earlier appear.
* Check that all the lines I asked you to copy (and only those) are in the window.
* click >> OK then
* Click on >> Tous (All)
* Finally click on >> Nettoyer (Clean).
* paste the report you get.
(this report is saved in this folder: C:\Program files\ZHPDiag\ZHPFixReport.txt)
0
Anonymous user
5 Sept. 2010 at 23:14
Rapport de ZHPFix v1.12.3143 par Nicolas Coolman, Update du 01/09/2010
Fichier d'export Registre :
Run by kevin at 05/09/2010 23:13:32
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
O2 - BHO: (no name) - {00e71626-0bef-11dc-8314-0800200c9a66} . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Clé supprimée avec succès
HKLM\Software\ASKInstaller => Clé supprimée avec succès
HKLM\Software\Boonty => Clé supprimée avec succès

========== Dossier(s) ==========
C:\Program Files\Common Files\BOONTY Shared => Supprimé et mis en quarantaine
C:\ProgramData\BOONTY => Supprimé et mis en quarantaine


========== Récapitulatif ==========
3 : Clé(s) du Registre
2 : Dossier(s)


End of the scan
0
Anonymous user
6 Sept. 2010 at 16:51
Hi

1) * Install this software, which will keep you informed of updates for your installed programs

* Download Update Checker

* This program finds the list of software installed on your PC along with their current versions, and compares this list with the server's database.
* It can tell which software is out of date, and it also offers to download it for you


HERE >> Update Checker
* Install it with the default settings by clicking Next each time.
* Once installed, wait a few seconds and you will see a green icon appear in your taskbar telling you that updates are available.
* Double-click the icon to be redirected to the update download site.
* A tip: do not install the BETAs listed below. >> Beta Updates Detected
* Install the updates



2) * Vaccinate your removable drives

* Disable your antivirus for the duration of the procedure

* Download and install UsbFix (by El Desaparecido and C_XX)
HERE >> UsbFix (by El Desaparecido and C_XX)
* Plug the external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
* Double-click the UsbFix shortcut on your desktop.
* Choose the option >> Vacciner (Vaccinate)
* Let the tool work.
* Then post the UsbFix.txt report that will appear

* Re-enable your antivirus



3) * Download Supress'tools (by NicoVA):
* A utility to remove all traces of the tools that were used to treat specific infections:

HERE >> Supress'tools (by NicoVA)

* Save the file to the Desktop.
* Double-click Supresstools.exe to run it
* (if you are on Windows Vista or Windows 7,
* right-click the Supresstools.exe file and >> run it as administrator.)
* Click Recherche (Search), then Suppression (Removal) to finish.
* A report will be generated (it is also saved at the root of the hard drive: C:\Report.txt)
* post the report




See you later
0
Hello Virus-C-C

Sorry for this huge delay, due to work and no internet connection.

- Update Checker I already have; I open it regularly and so do my updates as soon as possible.

- UsbFix I also have; I already vaccinated my removable drives. I could do it again to send you a log, but tonight I don't have the external HDD in question.

So I'll get on with Supress'tools.

EDIT: I have Spybot as anti-spyware; I thought I heard it had become useless. Is that the case? I downloaded Hitman Pro instead.
0
Anonymous user
14 Sept. 2010 at 00:37
Rapport Supress'tools
Supress'tools a été éxécuté le 14/09/2010 à 00 : 36
Par kevin
Système d'exploitation : WIN_VISTA / X86 / Service Pack 2
Mode | Recherche |

¤¤¤¤¤¤¤ C:\ ¤¤¤¤¤¤¤

Qoobox\ trouvé !
_OTM\ trouvé !

¤¤¤¤¤¤¤ C:\Users\kevin\Desktop\ ¤¤¤¤¤¤¤

OTM.exe Trouvé !
ComboFix.exe Trouvé !
ZHPDiag.exe Trouvé !

¤¤¤¤¤¤¤ C:\Users\kevin\Documents\Téléchargements\ ¤¤¤¤¤¤¤


¤¤¤¤¤¤¤ C:\Windows\ ¤¤¤¤¤¤¤

mbr.exe Trouvé !

¤¤¤¤¤¤¤ C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\ ¤¤¤¤¤¤¤


¤¤¤¤¤¤¤ C:\Program Files\ ¤¤¤¤¤¤¤

trend micro\ trouvé !
ZHPdiag\ trouvé !
Navilog1\ trouvé !

¤¤¤¤¤¤¤ C:\Windows\Prefetch\ ¤¤¤¤¤¤¤

OTM.EXE-119D2D38.pf trouvé !
SETUP_WM.EXE-674F654A.pf trouvé !
MBR.EXE-3DE60006.pf trouvé !
HIJACKTHIS.EXE-9FD56571.pf trouvé !
ZHPDIAG.EXE-5F50D22C.pf trouvé !
ZHPDIAG.EXE-A7ABA163.pf trouvé !
ZHPDIAG.TMP-9171C6BD.pf trouvé !
ZHPFIX.EXE-85222C4E.pf trouvé !

¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤


¤¤¤¤¤¤¤ Demande d'upload ¤¤¤¤¤¤¤

UsbFix_Upload_Me_PC-DE-KEVIN.zip

=> Envoyer ceci pour aider le dévellopeur de cet outil !

((((((((((((((( EOF )))))))))))))))


Rapport Supress'tools
Supress'tools a été éxécuté le 14/09/2010 à 00 : 37
Par kevin
Système d'exploitation : WIN_VISTA / X86 / Service Pack 2
Mode | Suppression |


¤¤¤¤¤¤¤ C:\ ¤¤¤¤¤¤¤

Qoobox Supprimé !
_OTM Supprimé !

¤¤¤¤¤¤¤ C:\Users\kevin\Desktop\ ¤¤¤¤¤¤¤

OTM.exe Supprimé !
ComboFix.exe Supprimé !
ZHPDiag.exe Supprimé !

¤¤¤¤¤¤¤ C:\Users\kevin\Documents\Téléchargements ¤¤¤¤¤¤¤


¤¤¤¤¤¤¤ C:\Windows\ ¤¤¤¤¤¤¤

mbr.exe Supprimé !

¤¤¤¤¤¤¤ C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\ ¤¤¤¤¤¤¤


¤¤¤¤¤¤¤ C:\Program Files\ ¤¤¤¤¤¤¤

trend micro\ Supprimé !
Navilog1\ Supprimé !

¤¤¤¤¤¤¤ C:\Windows\Prefetch\ ¤¤¤¤¤¤¤

OTM.EXE-119D2D38.pf Supprimé !
SETUP_WM.EXE-674F654A.pf Supprimé !
MBR.EXE-3DE60006.pf Supprimé !
HIJACKTHIS.EXE-9FD56571.pf Supprimé !
ZHPDIAG.EXE-5F50D22C.pf Supprimé !
ZHPDIAG.EXE-A7ABA163.pf Supprimé !
ZHPDIAG.TMP-9171C6BD.pf Supprimé !
ZHPFIX.EXE-85222C4E.pf Supprimé !

¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤


((((((((((((((( EOF )))))))))))))))
0
Anonymous user
14 Sept. 2010 at 04:13
Hi

you say >> I downloaded Hitman Pro instead.

I tell you >> neither one nor the other; uninstall Hitman Pro



You have Avira AntiVir + COMODO Firewall
Keep > Malwarebytes up to date for complementary scans

more than enough

do the following



1) Disable then re-enable Vista's System Restore

>> Disable or re-enable Vista's System Restore

* Then create a restore point / Vista

>> then create a restore point / Vista

>> See >> paragraph => Create a restore point


come back and confirm it to me

See you later
0
Anonymous user
14 Sept. 2010 at 10:47
Restore point created, all good.
0
Anonymous user
14 Sept. 2010 at 14:42
Hi kev89



1) * Security rule: think first, then click, not the other way round
* Files/programs are like sweets: when they come from a stranger, you don't accept them


2) * Regularly back up your important documents to external media (external hard drive, rewritable CD/DVD...)
* In this thread we were able to disinfect your computer, but that is not always the case.
* Some infections encrypt documents and demand a ransom to recover them,
* others modify them to spread infections, which then forces you to delete them...
* So you must always have a clean backup of your documents, otherwise you risk losing them.

3) * some reading
Take the time to read
Summary of the Projet Antimalwares
Projet Antimalwares

and to finish

* You can mark your problem as solved!!
>> Résolu (Solved)




CCM security contributor member
Windows Vista // Windows XP
0
Anonymous user
14 Sept. 2010 at 22:57
1) * Security rule: think first, then click, not the other way round
* Files/programs are like sweets: when they come from a stranger, you don't accept them

Lol yes, I know that ;)

Thank you very much for everything, very kind of you to give me a bit of your free time ;).

All the best!
0