
[Solved] How do I close a backdoor and clean the PC?

Tags:
  • Security
9 May 2011 20:39:26

Hi everyone, I'm coming over from hardouarie ^^

Recently I let my guard down: I forgot to scan some not-very-clean files and ended up running files that contained Trojan horses and a backdoor :/ I only found out what they were when I ran a scan the day before yesterday. They are in quarantine, but I can't get my hands on them :/

Anyway, the symptoms:

The Themes service crashes; it stops by itself and won't necessarily restart :/
External display management crashes often :/
Windows and Windows Defender updates are impossible, even though I was able to install Comodo (because I had left the Windows firewall on), and the antivirus (AVG) can update itself too.
If I enable the screensaver, since today I get a freeze on resume and have to reboot by hand :/
That's everything, I think :/
I noticed in Comodo that svchost.exe was listening on port 49611; it seems odd to me that it listens on a port.
In Comodo's I/O list, there is always at least one svchost.exe communicating with the outside.

I'll post a HijackThis report in 2 min ;)

Laptop: ACER 6920G
Windows Vista 32-bit SP2, up to date as of 3 May
Firewall: Comodo
AV: AVG Free

I reinstalled Windows 3 weeks ago because I changed the hard drive, so I'm not too keen on going through another reinstall :/


9 May 2011 20:40:30

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:22, on 09/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Romain\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
H:\temp download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.70.2.3:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HWMonitor.lnk = C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Thèmes (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 23685 bytes

9 May 2011 21:36:09

Evening dede :)

Forget HijackThis, we haven't used that tool for a while.

1

Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt to me.

2

Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If an alert from your antivirus appears for gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
    The report should then appear.
  • Save the file to your desktop and post its contents here.


9 May 2011 22:27:49

Okay, thanks, I'll do that right away ;)

9 May 2011 22:33:07

So, here's the first one ;) DDS.txt:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Romain at 22:30:35,36 on 09/05/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_15
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lkcitdl.exe
    C:\Windows\system32\lkads.exe
    C:\Windows\system32\lktsrv.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Romain\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\PresentationSettings.exe
    C:\Windows\system32\WerCon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Romain\Desktop\dds.scr
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = 10.70.2.3:8080
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\windows\system32\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\romain\appdata\roaming\mozilla\firefox\profiles\ryoyc4pm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/permalink.php?story_fbid=1620793772710...|http://sn127w.snt127.mail.live.com/default.aspx?rru=hom...|http://www.infos-du-net.com/forum/page-263516_6_75450.h...|http://www.air-start.net/compte.php?page=news|http://webcache.googleusercontent.com/search?q=cache:fk...|http://www.planete-lolo.com/topic-429447--Video--Halluc...|http://www.fileserve.com/file/2nAejVt|http://www.allocine.fr/video/player_gen_cmedia=19152075...|http://www.koreus.com/video/boule-neige-bowling.html|http://www.formasupaeronautique.fr/fr/formations/132.ht...|http://laserpointerforums.com/f57/led-orb-2-0-a-50012.h...|http://www.univ-rouen.fr/19124731/0/fiche_pagelibre/|http://www.formasupaeronautique.fr/fr/formations/24.htm|http://www.formasupaeronautique.fr/fr/formations/themes...|https://www.coliposte.fr/pro/services/main.jsp?m=120030...|http://www.laserfreak.net/|http://www.elektor.fr/products/credits.80711.lynkx|http://www.semageek.com/category/electronique/
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nplv2010win32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? athrusb;Atheros Wireless LAN USB device driver
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Service Google Update (gupdatem)
    R? JMCR;JMCR
    R? maconfservice;Ma-Config Service
    R? phc710;USB PC Camera (SPC710NC)
    R? WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0
    S? {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSEH;AVGIDSEH
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? CLHNService;CLHNService
    S? cmdGuard;COMODO Internet Security Sandbox Driver
    S? cmdHlp;COMODO Internet Security Helper Driver
    S? cpuz135;cpuz135
    S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
    S? FontCache;Service de cache de police Windows
    S? NIApplicationWebServer;NI Application Web Server
    S? nimDNSResponder;National Instruments mDNS Responder Service
    S? NTIPPKernel;NTIPPKernel
    .
    =============== Created Last 30 ================
    .
    2011-05-09 17:46:10 -------- d-----w- c:\users\romain\appdata\local\{4BA8E1F2-F7C7-48DB-9D6A-D3A34169E727}
    2011-05-08 14:28:55 -------- d-----w- c:\program files\COMODO
    2011-05-08 14:27:30 -------- d-----w- c:\progra~2\Comodo
    2011-05-08 12:44:13 -------- d-----w- c:\users\romain\appdata\local\{442C4282-14B6-41E5-ADA1-BD39FF9C0BA2}
    2011-05-07 14:57:18 -------- d--h--w- C:\$AVG
    2011-05-07 13:54:06 -------- d-----w- c:\users\romain\appdata\roaming\Auslogics
    2011-05-07 13:12:50 -------- d-----w- c:\users\romain\appdata\local\{CC1DD62B-9E75-45F6-9516-A3A10ACF55B6}
    2011-05-06 08:56:50 -------- d-----w- c:\users\romain\appdata\local\{2F85E8CE-E813-499E-AB7B-0E4D5AA9E200}
    2011-05-05 15:17:42 189239 ----a-w- c:\windows\system32\~.tmp
    2011-05-05 09:50:01 -------- d-----w- c:\users\romain\appdata\local\{AE940D82-220B-47A5-B1C1-EB63698491D8}
    2011-05-04 21:49:45 -------- d-----w- c:\users\romain\appdata\local\{4CBEE938-7C1A-4D3B-8FD1-61D4FE40FB44}
    2011-05-04 15:07:11 298496 ----a-w- c:\windows\uninst.exe
    2011-05-04 09:49:29 -------- d-----w- c:\users\romain\appdata\local\{C70E23B7-EFD2-44B1-A5A4-63736794EB70}
    2011-05-02 18:36:34 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-05-02 18:36:32 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-05-02 18:36:32 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-05-02 18:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
    2011-05-02 12:03:21 -------- d-----w- c:\users\romain\appdata\local\{0CE22A7E-F954-4FC3-B04F-FBB0C67B3FAB}
    2011-05-01 12:35:21 -------- d-----w- c:\users\romain\appdata\local\{F624DD94-FD0D-447D-B001-B376F9D4E5CE}
    2011-04-29 10:32:03 -------- d-----w- c:\users\romain\appdata\local\{BA6D683C-A361-4CF3-8F26-29765A7925B1}
    2011-04-28 07:36:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 07:36:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 07:36:45 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-28 07:33:14 -------- d-----w- c:\users\romain\appdata\local\{998CA712-557A-43FF-8578-50A27623B998}
    2011-04-26 19:19:17 -------- d-----w- c:\users\romain\appdata\local\{A4DD00F9-F4B7-4927-8A58-3CB2B56B4EDE}
    2011-04-26 11:14:18 -------- d-----w- c:\program files\epson
    2011-04-26 11:14:17 61952 ----a-w- c:\windows\system32\escwiad.dll
    2011-04-26 11:09:36 32768 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
    2011-04-25 09:37:26 -------- d-----w- c:\users\romain\appdata\local\{A0AF8A5A-F6D5-4E86-AA33-A099CC6399E0}
    2011-04-23 19:02:58 -------- d-----w- c:\users\romain\appdata\local\CyberLink
    2011-04-23 19:02:58 -------- d-----w- c:\progra~2\PlayMovie
    2011-04-23 19:02:55 -------- d-----w- c:\users\romain\appdata\local\SoftDMA
    2011-04-23 19:02:53 -------- d-----w- c:\users\romain\appdata\local\Acer Arcade Deluxe
    2011-04-23 14:22:11 -------- d-----w- c:\progra~2\Media Center Programs
    2011-04-23 14:21:54 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-04-23 14:21:54 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2011-04-23 08:57:35 -------- d-----w- c:\users\romain\Bluetooth Software
    2011-04-23 08:24:08 -------- d-----w- c:\users\romain\appdata\local\{93746A5B-2007-4D85-9455-4CA8EA0BEC1C}
    2011-04-22 11:49:34 -------- d-----w- c:\users\romain\appdata\local\{768E8C5F-A4B7-4557-8DE1-60325DE5F044}
    2011-04-22 07:15:12 -------- d-----w- c:\program files\Lantronix
    2011-04-21 14:37:08 -------- d-----w- c:\users\romain\appdata\local\{29B71CF7-951F-4120-B65B-C2B670D92C36}
    2011-04-20 21:31:12 -------- d-----w- c:\users\romain\appdata\local\{410DFC28-51F5-4A43-8E02-5143C21F575C}
    2011-04-20 06:23:42 -------- d-----w- c:\users\romain\appdata\local\{F974207A-D132-4E33-BD69-FBA95C93FF3A}
    2011-04-19 15:29:11 -------- d-----w- c:\users\romain\appdata\local\{663B5011-E997-420F-83CD-1A0DC2A7D50B}
    2011-04-18 18:09:02 -------- d-----w- c:\users\romain\appdata\local\{CC2F02F2-E1C2-4CE4-9525-156A86568155}
    2011-04-17 19:50:18 -------- d-----w- c:\users\romain\appdata\roaming\Cocoon Software
    2011-04-17 19:50:11 -------- d-----w- c:\program files\QuickMediaConverter
    2011-04-17 19:50:02 -------- d-----w- c:\users\romain\appdata\local\WDSetup
    2011-04-17 19:00:41 -------- d-----w- c:\users\romain\appdata\local\{7AD29A1D-099D-4453-8B18-12B7A23EF870}
    2011-04-17 18:59:22 -------- d-----w- c:\users\romain\appdata\local\{A695BEF3-9E33-4890-9653-87D40D90929C}
    2011-04-17 13:40:27 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
    2011-04-17 13:40:25 -------- d-----w- c:\program files\Bethesda Softworks
    2011-04-16 13:55:29 -------- d-----w- c:\users\romain\appdata\local\{737D1D4F-9753-47DA-94AD-CF6823FF5079}
    2011-04-15 19:01:28 -------- d-----w- c:\users\romain\appdata\local\{7B1CC3F9-DD3B-4F2F-9985-C19B0D408E50}
    2011-04-15 12:00:47 -------- d-----w- c:\users\romain\appdata\local\{E5A8C57E-E8F5-4B11-8874-8C3DA737C06A}
    2011-04-13 20:43:51 -------- d-----w- c:\users\romain\motodevstudio
    2011-04-13 19:42:36 -------- d-----w- c:\users\romain\user
    2011-04-13 19:17:25 -------- d-----w- c:\users\romain\.eclipse
    2011-04-13 19:12:25 -------- d--h--w- c:\program files\InstallJammer Registry
    2011-04-13 19:10:57 -------- d-----w- c:\users\romain\workspace
    2011-04-13 18:58:30 -------- d-----w- c:\users\romain\.android
    2011-04-12 18:17:47 -------- d-----w- c:\users\romain\appdata\local\{A43B4900-54C1-443E-847E-D7B7CF1CB738}
    2011-04-12 06:17:35 -------- d-----w- c:\users\romain\appdata\local\{578B6A87-01B8-456C-AE28-1A5B83EA525B}
    2011-04-10 18:55:18 -------- d-----w- c:\users\romain\appdata\local\{BADF49B3-3255-4361-961F-A4AAEFBBF460}
    .
    ==================== Find3M ====================
    .
    2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
    2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
    2011-04-08 05:14:00 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-04-08 05:14:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-08 05:14:00 5180824 ----a-w- c:\windows\system32\nvcuda.dll
    2011-04-08 05:14:00 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-04-08 05:14:00 2034280 ----a-w- c:\windows\system32\nvapi.dll
    2011-04-08 05:14:00 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-04-08 05:14:00 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-04-08 05:14:00 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-04-07 20:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-04-07 20:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-07 20:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-07 20:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-04-04 07:32:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-28 15:49:04 411368 ----a-w- c:\windows\system32\deploytk.dll
    2011-03-28 07:50:42 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-03-28 07:50:42 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-03-28 07:50:42 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-03-28 07:50:42 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-03-28 07:50:41 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-03-28 07:50:41 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-03-28 07:50:41 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-03-27 21:36:23 253 ----a-w- c:\windows\xUninstall.bat
    2011-03-27 21:35:39 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-03-27 21:35:36 315392 ----a-w- c:\windows\HideWin.exe
    2011-03-27 21:11:56 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
    2011-03-27 21:11:56 1024 ---h--r- c:\windows\system32\NTIBUN5.dll
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 22:31:44,02 ===============

9 May 2011 22:51:27

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-09 22:50:32
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 OCZ-VERTEX2 rev.1.28
    Running: se0r9xtd.exe; Driver: C:\Users\Romain\AppData\Local\Temp\ugddrkow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x9201BE02]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x9201D3AA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x9201BFEE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x9201B12C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x9201BA68]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x9201B00C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x9201B7FC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x9201D03C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x9201A9F8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x9201CA4C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9201B3F4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x9201BC44]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA46DE780]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9201B698]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x9201C4E8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x9201C79C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x9201CD44]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x9201B35E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x9201B584]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA46DE830]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA46DE8D0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA46DE970]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x9201C0FC]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 119 820CA89C 4 Bytes [02, BE, 01, 92]
    .text ntkrnlpa.exe!KeSetEvent + 13D 820CA8C0 8 Bytes [AA, D3, 01, 92, EE, BF, 01, ...]
    .text ntkrnlpa.exe!KeSetEvent + 1C1 820CA944 4 Bytes [2C, B1, 01, 92]
    .text ntkrnlpa.exe!KeSetEvent + 1D9 820CA95C 4 Bytes [68, BA, 01, 92]
    .text ntkrnlpa.exe!KeSetEvent + 205 820CA988 4 Bytes [0C, B0, 01, 92]
    .text ...
    .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA4699300, 0x3ACC8, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA4702300, 0x1B7E, 0xE8000020]
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xA971E000]
    .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last section [0xA971F000, 0x1000, 0x00000000]
    ? C:\Users\Romain\AppData\Local\Temp\mbr.sys Le fichier spécifié est introuvable. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!LdrLoadDll 77C993A8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!LdrUnloadDll 77CAB740 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!LdrUnloadDll + 6 77CAB746 1 Byte [CC] {INT 3 }
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!LdrGetProcedureAddress 77CB57A0 5 Bytes JMP 10027D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtAllocateVirtualMemory 77CD3F84 5 Bytes JMP 10027E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtClose 77CD4164 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtCreateFile 77CD4224 5 Bytes JMP 10027E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtCreateProcess 77CD42E4 5 Bytes JMP 10027ED0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtCreateProcessEx 77CD42F4 5 Bytes JMP 10027EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtDeleteFile 77CD4604 5 Bytes JMP 10027E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtFreeVirtualMemory 77CD4794 5 Bytes JMP 100274E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtLoadDriver 77CD48B4 5 Bytes JMP 10027E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtOpenFile 77CD4A04 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtProtectVirtualMemory 77CD4B84 5 Bytes JMP 10027490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtSetInformationProcess 77CD5174 5 Bytes JMP 10027DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtUnloadDriver 77CD53C4 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!NtWriteVirtualMemory 77CD54C4 5 Bytes JMP 10027E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ntdll.dll!RtlAllocateHeap 77CD63B0 5 Bytes JMP 10027530 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 10027A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!OpenFile 75C9355A 5 Bytes JMP 10027CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!MoveFileW 75C9A2F2 5 Bytes JMP 10027BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CopyFileExW 75CA0211 7 Bytes JMP 10027C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CopyFileW 75CA0299 5 Bytes JMP 10027C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!DeleteFileW 75CAF4B6 5 Bytes JMP 10027B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!DeleteFileA 75CAF5D2 5 Bytes JMP 10027B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!MoveFileWithProgressW 75CB10A4 5 Bytes JMP 10027B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!MoveFileExW 75CB10C8 5 Bytes JMP 10027BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!LoadLibraryExW 75CB9109 7 Bytes JMP 10027D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 10027AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 10027D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 10027AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 10027D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!GetModuleHandleA 75CD92A5 5 Bytes JMP 10027B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!GetModuleHandleW 75CDA804 5 Bytes JMP 10027AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 10027CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 10027CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!MoveFileExA 75CE0F0A 5 Bytes JMP 10027BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!MoveFileWithProgressA 75CE0F2A 5 Bytes JMP 10027B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CopyFileA 75CE2433 5 Bytes JMP 10027C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!MoveFileA 75D1F641 5 Bytes JMP 10027C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!CopyFileExA 75D219F9 5 Bytes JMP 10027C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 10027A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] kernel32.dll!LoadModule 75D25E4F 5 Bytes JMP 10027D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ADVAPI32.dll!CreateProcessAsUserA 75FACEB9 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ADVAPI32.dll!CreateProcessAsUserW 75FC1EE9 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] USER32.dll!EndTask 76F7AD32 5 Bytes JMP 1002DFA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ole32.dll!CoGetClassObject 75E8FAE8 5 Bytes JMP 1002E1E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] ole32.dll!CoCreateInstanceEx 75EA9F81 5 Bytes JMP 1002E420 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] SHELL32.dll!ShellExecuteW 76289725 5 Bytes JMP 10027A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] SHELL32.dll!ShellExecuteExW 762DC155 5 Bytes JMP 100279F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] SHELL32.dll!ShellExecuteEx 7648A292 5 Bytes JMP 10027A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] SHELL32.dll!ShellExecuteA 7648A32D 5 Bytes JMP 10027A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] WININET.dll!InternetConnectA 76DC5456 5 Bytes JMP 100279D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\WerCon.exe[256] WININET.dll!InternetConnectW 76DC5AD2 5 Bytes JMP 100279B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!LdrLoadDll 77C993A8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!LdrUnloadDll 77CAB740 5 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!LdrUnloadDll + 6 77CAB746 1 Byte [CC] {INT 3 }
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!LdrGetProcedureAddress 77CB57A0 5 Bytes JMP 10027D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!NtAllocateVirtualMemory 77CD3F84 5 Bytes JMP 10027E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!NtClose 77CD4164 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!NtCreateFile 77CD4224 5 Bytes JMP 10027E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!NtCreateProcess 77CD42E4 5 Bytes JMP 10027ED0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!NtCreateProcessEx 77CD42F4 5 Bytes JMP 10027EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchFilterHost.exe[440] ntdll.dll!NtDeleteFile 77CD4604 5 Bytes JMP 10027E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    9 May 2011 23:03:43

    The file is almost 1 MB; I uploaded it ==>

    File name: gmer.txt File size: 982.81 KB

    Otherwise, it found a rootkit ==>

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
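
A triage sketch for GMER output like the log posted in this thread, added here as an example (it is not part of the original posts and not a GMER or Kaspersky tool): it separates inline hooks owned by an allow-listed security-product module from everything else and pulls out the `Disk` findings. The sample lines are constructed in the thread's layout, except the two `Disk` lines quoted above; the allow-list entry, the category names and the handling of a `JMP` with no module path are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the GMER 1.0.15 log in this thread.
# Processes, PIDs and addresses are made up; only the two "Disk" lines are
# the ones quoted in the post above.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1111] ntdll.dll!NtCreateFile 77AA0010 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1111] ntdll.dll!LdrUnloadDll + 6 77AA0026 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\svchost.exe[1111] kernel32.dll!CreateProcessW 75AA0030 5 Bytes JMP 10001100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Example App\app.exe[2222] WININET.dll!InternetConnectA 76AA0040 5 Bytes JMP 00B30000
.text C:\Windows\Explorer.EXE[3333] kernel32.dll!LoadLibraryA 75AA0050 5 Bytes JMP 20002000 C:\Users\Example\AppData\Local\Temp\guard32.dll
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""

# Analyst-supplied allow-list (an assumption of this example): full paths of
# hooking modules that belong to security software known to be installed.
# Full paths, not file names, so a look-alike DLL elsewhere is not trusted.
TRUSTED_MODULES = {r"C:\Windows\system32\guard32.dll"}

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<symbol>\S+!\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<address>[0-9A-Fa-f]{8,16})\s+(?P<length>\d+) Bytes?\s+(?P<detail>.*)$"
)
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8,16})"
    r"(?:\s+(?P<owner>\S.*?))?"            # module that contains the target
    r"(?:\s+\((?P<vendor>[^()]*)\))?\s*$"  # version-info text, informational
)
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<message>.+)$")


def classify(detail, trusted):
    """Return (category, owner_path) for the part after 'N Bytes'."""
    m = JMP_RE.match(detail)
    if m is None:
        return "byte_patch", None          # e.g. "[CC] {INT 3 }"
    owner = m.group("owner")
    if owner is None:
        return "unattributed_hook", None   # jump target outside any named module
    if owner.lower() in trusted:
        return "trusted_hook", owner
    return "other_module_hook", owner


def triage(log_text, trusted_modules):
    """Count hooks per category and list what still needs a human look."""
    trusted = {p.lower() for p in trusted_modules}
    counts, review, disk = Counter(), [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        d = DISK_RE.match(line)
        if d:
            msg = d.group("message")
            disk.append({
                "device": d.group("device"),
                "message": msg,
                "flagged": bool(re.search(r"rootkit|@MBR", msg, re.I)),
            })
            continue
        h = HOOK_RE.match(line)
        if not h:
            continue                        # section headers, blank lines
        kind, owner = classify(h.group("detail"), trusted)
        counts[kind] += 1
        if kind != "trusted_hook":
            review.append({
                "process": h.group("process"),
                "pid": int(h.group("pid")),
                "symbol": h.group("symbol"),
                "kind": kind,
                "owner": owner,
            })
    return {"counts": counts, "review": review, "disk": disk}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, TRUSTED_MODULES)
    print(dict(result["counts"]))
    for item in result["review"]:
        print("REVIEW", item)
    for item in result["disk"]:
        print("DISK", item)
```
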
    10 May 2011 21:08:38

    Hi again

    We're going to get rid of the rootkit...


    Download http://support.kaspersky.com/downloads/utils/tdsskiller... to your desktop, unzip it and run it; a report will be created here:

    C:\TDSSKillerVersion_Date_Time_log.txt << copy and paste its contents

    The executable is also available directly here: http://support.kaspersky.com/downloads/utils/tdsskiller...

    o Run it. The following window will open:

    o Click Start scan and let the tool scan your hard drive without interrupting it and without using the PC.
    o If infected files are found, a new window will open:

    o If TDSS.tdl2 is detected, the Delete option will be checked by default.

    o If TDSS.tdl3 is detected, make sure Cure is checked.

    o If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure Cure is checked.

    o If Suspicious file is shown, leave the option set to Skip.

    o Click Continue, then Reboot now to restart the PC.

    o Copy and paste the generated report into your next reply. (It is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run.)

    Tutorial --> http://support.kaspersky.com/viruses/solutions?qid=2082...

    10 May 2011 21:36:44

    There you go, it was a TDSS.tdl4 ;)

    2011/05/10 21:29:32.0189 1828 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/05/10 21:29:32.0215 1828 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/05/10 21:29:32.0248 1828 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2011/05/10 21:29:32.0281 1828 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/05/10 21:29:32.0310 1828 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
    2011/05/10 21:29:32.0334 1828 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
    2011/05/10 21:29:32.0357 1828 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
    2011/05/10 21:29:32.0383 1828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/10 21:29:32.0423 1828 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/10 21:29:32.0454 1828 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/10 21:29:32.0479 1828 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/05/10 21:29:32.0521 1828 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/10 21:29:32.0552 1828 cmdGuard (ab491f59adb3a496a6a13636767c9317) C:\Windows\system32\DRIVERS\cmdguard.sys
    2011/05/10 21:29:32.0575 1828 cmdHlp (4eca66ad76e621b8d4cf8b861a5d2ff6) C:\Windows\system32\DRIVERS\cmdhlp.sys
    2011/05/10 21:29:32.0599 1828 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/10 21:29:32.0623 1828 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/10 21:29:32.0653 1828 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
    2011/05/10 21:29:32.0678 1828 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/10 21:29:32.0702 1828 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/10 21:29:32.0737 1828 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\Windows\system32\drivers\cvintdrv.sys
    2011/05/10 21:29:32.0780 1828 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/10 21:29:32.0825 1828 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/05/10 21:29:32.0849 1828 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
    2011/05/10 21:29:32.0881 1828 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    2011/05/10 21:29:32.0901 1828 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
    2011/05/10 21:29:32.0927 1828 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/10 21:29:32.0959 1828 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    2011/05/10 21:29:32.0998 1828 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/10 21:29:33.0031 1828 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/10 21:29:33.0063 1828 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/05/10 21:29:33.0109 1828 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/10 21:29:33.0144 1828 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
    2011/05/10 21:29:33.0191 1828 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/05/10 21:29:33.0220 1828 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/05/10 21:29:33.0243 1828 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/10 21:29:33.0280 1828 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/10 21:29:33.0304 1828 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/10 21:29:33.0328 1828 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/10 21:29:33.0355 1828 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/10 21:29:33.0394 1828 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/10 21:29:33.0429 1828 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/10 21:29:33.0471 1828 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/10 21:29:33.0510 1828 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/10 21:29:33.0540 1828 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/05/10 21:29:33.0564 1828 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/10 21:29:33.0594 1828 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/10 21:29:33.0623 1828 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/10 21:29:33.0657 1828 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/05/10 21:29:33.0687 1828 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/10 21:29:33.0713 1828 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/10 21:29:33.0740 1828 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/10 21:29:33.0773 1828 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/10 21:29:33.0811 1828 inspect (f0b1f95f5864e7b52332f014ea9adc63) C:\Windows\system32\DRIVERS\inspect.sys
    2011/05/10 21:29:33.0877 1828 IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/10 21:29:33.0941 1828 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/10 21:29:33.0966 1828 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/10 21:29:33.0998 1828 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/10 21:29:34.0049 1828 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/10 21:29:34.0073 1828 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/10 21:29:34.0098 1828 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/10 21:29:34.0120 1828 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/10 21:29:34.0149 1828 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/10 21:29:34.0173 1828 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/10 21:29:34.0198 1828 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/10 21:29:34.0224 1828 JMCR (8123f605779db22ffc67fa84b8381803) C:\Windows\system32\DRIVERS\jmcr.sys
    2011/05/10 21:29:34.0250 1828 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/10 21:29:34.0271 1828 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/10 21:29:34.0308 1828 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/10 21:29:34.0353 1828 L1E (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys
    2011/05/10 21:29:34.0403 1828 LHidFilt (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/05/10 21:29:34.0457 1828 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
    2011/05/10 21:29:34.0501 1828 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/10 21:29:34.0557 1828 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/05/10 21:29:34.0588 1828 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/10 21:29:34.0622 1828 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/10 21:29:34.0656 1828 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/10 21:29:34.0693 1828 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/10 21:29:34.0728 1828 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2011/05/10 21:29:34.0769 1828 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/10 21:29:34.0808 1828 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/10 21:29:34.0853 1828 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/10 21:29:34.0881 1828 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/10 21:29:34.0906 1828 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/10 21:29:34.0931 1828 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/10 21:29:34.0956 1828 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/10 21:29:34.0982 1828 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys
    2011/05/10 21:29:35.0007 1828 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/10 21:29:35.0038 1828 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/10 21:29:35.0062 1828 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/10 21:29:35.0089 1828 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/10 21:29:35.0115 1828 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/10 21:29:35.0141 1828 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/10 21:29:35.0166 1828 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    2011/05/10 21:29:35.0194 1828 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys
    2011/05/10 21:29:35.0233 1828 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/10 21:29:35.0258 1828 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/10 21:29:35.0292 1828 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/10 21:29:35.0318 1828 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/10 21:29:35.0341 1828 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/10 21:29:35.0369 1828 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/10 21:29:35.0401 1828 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/10 21:29:35.0436 1828 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/10 21:29:35.0461 1828 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/05/10 21:29:35.0501 1828 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/10 21:29:35.0548 1828 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/05/10 21:29:35.0581 1828 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/10 21:29:35.0605 1828 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/10 21:29:35.0632 1828 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/10 21:29:35.0658 1828 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/10 21:29:35.0683 1828 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/10 21:29:35.0713 1828 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/10 21:29:35.0817 1828 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/05/10 21:29:35.0879 1828 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/10 21:29:35.0944 1828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/05/10 21:29:35.0973 1828 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/10 21:29:36.0027 1828 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/10 21:29:36.0073 1828 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2011/05/10 21:29:36.0094 1828 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
    2011/05/10 21:29:36.0119 1828 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/10 21:29:36.0144 1828 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/10 21:29:36.0314 1828 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/10 21:29:36.0500 1828 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/10 21:29:36.0526 1828 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/10 21:29:36.0560 1828 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/10 21:29:36.0634 1828 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/05/10 21:29:36.0679 1828 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/10 21:29:36.0705 1828 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/05/10 21:29:36.0728 1828 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/10 21:29:36.0765 1828 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/05/10 21:29:36.0789 1828 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/05/10 21:29:36.0816 1828 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/05/10 21:29:36.0859 1828 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/10 21:29:36.0940 1828 phc710 (c88f3cf5e1da808a6977d4b2ad512728) C:\Windows\system32\DRIVERS\phc710.sys
    2011/05/10 21:29:37.0001 1828 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/10 21:29:37.0028 1828 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/05/10 21:29:37.0067 1828 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/10 21:29:37.0105 1828 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/10 21:29:37.0142 1828 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/10 21:29:37.0170 1828 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/10 21:29:37.0195 1828 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/10 21:29:37.0225 1828 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/10 21:29:37.0254 1828 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/10 21:29:37.0280 1828 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/10 21:29:37.0308 1828 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/10 21:29:37.0336 1828 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/10 21:29:37.0366 1828 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/10 21:29:37.0393 1828 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/10 21:29:37.0433 1828 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/10 21:29:37.0478 1828 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/05/10 21:29:37.0514 1828 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/10 21:29:37.0547 1828 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/10 21:29:37.0594 1828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/10 21:29:37.0630 1828 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/05/10 21:29:37.0655 1828 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/05/10 21:29:37.0681 1828 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/10 21:29:37.0727 1828 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/10 21:29:37.0751 1828 sffp_mmc (e5eafe85815bd89095fef3144a09ab68) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/10 21:29:37.0775 1828 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/10 21:29:37.0801 1828 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/10 21:29:37.0839 1828 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/10 21:29:37.0862 1828 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/10 21:29:37.0886 1828 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/10 21:29:37.0934 1828 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/10 21:29:37.0984 1828 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/10 21:29:38.0024 1828 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/10 21:29:38.0057 1828 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/10 21:29:38.0091 1828 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/10 21:29:38.0130 1828 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/10 21:29:38.0160 1828 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/10 21:29:38.0185 1828 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/10 21:29:38.0210 1828 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/10 21:29:38.0239 1828 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/05/10 21:29:38.0306 1828 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/05/10 21:29:38.0362 1828 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/10 21:29:38.0388 1828 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/10 21:29:38.0420 1828 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/10 21:29:38.0447 1828 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/10 21:29:38.0472 1828 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/10 21:29:38.0504 1828 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/10 21:29:38.0564 1828 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/10 21:29:38.0590 1828 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/05/10 21:29:38.0615 1828 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/10 21:29:38.0639 1828 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/05/10 21:29:38.0663 1828 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
    2011/05/10 21:29:38.0692 1828 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/10 21:29:38.0746 1828 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/10 21:29:38.0774 1828 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/05/10 21:29:38.0802 1828 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/05/10 21:29:38.0828 1828 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/05/10 21:29:38.0852 1828 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/10 21:29:38.0888 1828 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    2011/05/10 21:29:38.0913 1828 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/10 21:29:38.0938 1828 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/05/10 21:29:38.0963 1828 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/10 21:29:38.0995 1828 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/10 21:29:39.0030 1828 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/05/10 21:29:39.0056 1828 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/10 21:29:39.0092 1828 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/05/10 21:29:39.0122 1828 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/10 21:29:39.0149 1828 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/10 21:29:39.0194 1828 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/10 21:29:39.0222 1828 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/05/10 21:29:39.0248 1828 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/05/10 21:29:39.0281 1828 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/05/10 21:29:39.0309 1828 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/05/10 21:29:39.0339 1828 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/05/10 21:29:39.0368 1828 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/10 21:29:39.0403 1828 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/05/10 21:29:39.0439 1828 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/05/10 21:29:39.0478 1828 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/05/10 21:29:39.0506 1828 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/10 21:29:39.0522 1828 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/10 21:29:39.0560 1828 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/05/10 21:29:39.0598 1828 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/10 21:29:39.0721 1828 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/05/10 21:29:39.0788 1828 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/10 21:29:39.0836 1828 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/10 21:29:39.0880 1828 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
    2011/05/10 21:29:39.0918 1828 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
    2011/05/10 21:29:39.0962 1828 \HardDisk2 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/10 21:29:40.0072 1828 ================================================================================
    2011/05/10 21:29:40.0072 1828 Scan finished
    2011/05/10 21:29:40.0072 1828 ================================================================================
    2011/05/10 21:29:40.0088 4436 Detected object count: 1
    2011/05/10 21:30:40.0220 4436 \HardDisk2 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/10 21:30:40.0220 4436 \HardDisk2 - ok
    2011/05/10 21:30:40.0221 4436 Rootkit.Win32.TDSS.tdl4(\HardDisk2) - User select action: Cure
    2011/05/10 21:30:45.0253 2268 Deinitialize success
    10 May 2011 21:47:56

    ok :) 

    +++++++++


    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit "Select all", Edit "Copy"

    come to the forum and Edit "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    +++++++++++++++++++++




    10 May 2011 22:38:11

    I had to uninstall AVG so it could run the test :/

    ComboFix 11-05-09.03 - Romain 10/05/2011 22:29:47.1.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1884 [GMT 2:00]
    Lancé depuis: c:\users\Romain\Desktop\ComboFix.exe
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\~.inf
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\zlibwapi.dll
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-10 au 2011-05-10 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-10 20:34 . 2011-05-10 20:34 -------- d-----w- c:\users\Romain\AppData\Local\temp
    2011-05-10 20:34 . 2011-05-10 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-10 20:02 . 2011-05-10 20:03 -------- d-----w- c:\program files\VCop2
    2011-05-09 17:46 . 2011-05-09 17:46 -------- d-----w- c:\users\Romain\AppData\Local\{4BA8E1F2-F7C7-48DB-9D6A-D3A34169E727}
    2011-05-08 14:28 . 2011-05-08 14:28 -------- d-----w- c:\program files\COMODO
    2011-05-08 14:27 . 2011-05-08 14:44 -------- d-----w- c:\programdata\Comodo
    2011-05-08 12:44 . 2011-05-08 12:44 -------- d-----w- c:\users\Romain\AppData\Local\{442C4282-14B6-41E5-ADA1-BD39FF9C0BA2}
    2011-05-07 14:57 . 2011-05-07 14:57 -------- d-----w- C:\$AVG
    2011-05-07 13:54 . 2011-05-07 13:54 -------- d-----w- c:\users\Romain\AppData\Roaming\Auslogics
    2011-05-07 13:39 . 2011-05-07 14:29 -------- d-----w- c:\programdata\NVIDIA
    2011-05-07 13:12 . 2011-05-07 13:12 -------- d-----w- c:\users\Romain\AppData\Local\{CC1DD62B-9E75-45F6-9516-A3A10ACF55B6}
    2011-05-06 08:56 . 2011-05-06 08:57 -------- d-----w- c:\users\Romain\AppData\Local\{2F85E8CE-E813-499E-AB7B-0E4D5AA9E200}
    2011-05-05 15:17 . 2011-05-05 15:19 189239 ----a-w- c:\windows\system32\~.tmp
    2011-05-05 09:50 . 2011-05-05 09:50 -------- d-----w- c:\users\Romain\AppData\Local\{AE940D82-220B-47A5-B1C1-EB63698491D8}
    2011-05-04 21:49 . 2011-05-04 21:49 -------- d-----w- c:\users\Romain\AppData\Local\{4CBEE938-7C1A-4D3B-8FD1-61D4FE40FB44}
    2011-05-04 15:07 . 1996-08-16 12:49 298496 ----a-w- c:\windows\uninst.exe
    2011-05-04 09:49 . 2011-05-04 09:49 -------- d-----w- c:\users\Romain\AppData\Local\{C70E23B7-EFD2-44B1-A5A4-63736794EB70}
    2011-05-03 19:43 . 2011-05-03 19:43 -------- d-----w- c:\program files\Google
    2011-05-02 18:36 . 2011-05-10 18:41 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-05-02 18:36 . 2011-05-02 18:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-05-02 18:36 . 2011-05-02 18:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-05-02 18:36 . 2011-05-02 18:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-05-02 18:36 . 2011-05-02 18:36 284744 ----a-w- c:\windows\system32\guard32.dll
    2011-05-02 12:03 . 2011-05-02 12:03 -------- d-----w- c:\users\Romain\AppData\Local\{0CE22A7E-F954-4FC3-B04F-FBB0C67B3FAB}
    2011-05-01 12:35 . 2011-05-01 12:35 -------- d-----w- c:\users\Romain\AppData\Local\{F624DD94-FD0D-447D-B001-B376F9D4E5CE}
    2011-04-29 10:32 . 2011-04-29 10:32 -------- d-----w- c:\users\Romain\AppData\Local\{BA6D683C-A361-4CF3-8F26-29765A7925B1}
    2011-04-28 07:36 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 07:36 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 07:36 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-28 07:33 . 2011-04-28 07:33 -------- d-----w- c:\users\Romain\AppData\Local\{998CA712-557A-43FF-8578-50A27623B998}
    2011-04-26 19:19 . 2011-04-26 19:19 -------- d-----w- c:\users\Romain\AppData\Local\{A4DD00F9-F4B7-4927-8A58-3CB2B56B4EDE}
    2011-04-26 11:17 . 2011-04-26 11:17 -------- d-----w- c:\users\Romain\AppData\Roaming\EPSON
    2011-04-26 11:14 . 2011-04-26 11:14 -------- d-----w- c:\program files\epson
    2011-04-26 11:14 . 2006-10-12 22:00 61952 ----a-w- c:\windows\system32\escwiad.dll
    2011-04-26 11:09 . 2006-11-02 09:46 32768 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EP0NPP01.DLL
    2011-04-25 09:37 . 2011-04-25 09:37 -------- d-----w- c:\users\Romain\AppData\Local\{A0AF8A5A-F6D5-4E86-AA33-A099CC6399E0}
    2011-04-23 19:02 . 2011-04-23 19:02 -------- d-----w- c:\users\Romain\AppData\Local\CyberLink
    2011-04-23 19:02 . 2011-04-23 19:02 -------- d-----w- c:\programdata\PlayMovie
    2011-04-23 19:02 . 2011-04-23 19:02 -------- d-----w- c:\users\Romain\AppData\Local\SoftDMA
    2011-04-23 19:02 . 2011-04-23 19:03 -------- d-----w- c:\users\Romain\AppData\Roaming\CyberLink
    2011-04-23 19:02 . 2011-04-23 19:02 -------- d-----w- c:\users\Romain\AppData\Local\Acer Arcade Deluxe
    2011-04-23 14:22 . 2011-04-23 14:22 -------- d-----w- c:\programdata\Media Center Programs
    2011-04-23 14:21 . 2011-04-23 14:21 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-04-23 14:21 . 2011-04-23 14:21 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2011-04-23 14:14 . 2011-04-23 14:14 -------- d-----w- c:\program files\Ubisoft
    2011-04-23 08:57 . 2011-04-23 08:57 -------- d-----w- c:\users\Romain\Bluetooth Software
    2011-04-23 08:24 . 2011-04-23 08:24 -------- d-----w- c:\users\Romain\AppData\Local\{93746A5B-2007-4D85-9455-4CA8EA0BEC1C}
    2011-04-22 11:49 . 2011-04-22 11:49 -------- d-----w- c:\users\Romain\AppData\Local\{768E8C5F-A4B7-4557-8DE1-60325DE5F044}
    2011-04-22 07:15 . 2011-04-22 07:15 -------- d-----w- c:\program files\Lantronix
    2011-04-21 14:37 . 2011-04-21 14:37 -------- d-----w- c:\users\Romain\AppData\Local\{29B71CF7-951F-4120-B65B-C2B670D92C36}
    2011-04-20 21:31 . 2011-04-20 21:31 -------- d-----w- c:\users\Romain\AppData\Local\{410DFC28-51F5-4A43-8E02-5143C21F575C}
    2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\users\Romain\AppData\Local\{F974207A-D132-4E33-BD69-FBA95C93FF3A}
    2011-04-19 15:29 . 2011-04-19 15:29 -------- d-----w- c:\users\Romain\AppData\Local\{663B5011-E997-420F-83CD-1A0DC2A7D50B}
    2011-04-18 18:09 . 2011-04-18 18:09 -------- d-----w- c:\users\Romain\AppData\Local\{CC2F02F2-E1C2-4CE4-9525-156A86568155}
    2011-04-17 19:50 . 2011-04-17 19:50 -------- d-----w- c:\users\Romain\AppData\Roaming\Cocoon Software
    2011-04-17 19:50 . 2011-04-17 19:56 -------- d-----w- c:\program files\QuickMediaConverter
    2011-04-17 19:50 . 2011-04-17 19:50 -------- d-----w- c:\users\Romain\AppData\Local\WDSetup
    2011-04-17 19:00 . 2011-04-17 19:00 -------- d-----w- c:\users\Romain\AppData\Local\{7AD29A1D-099D-4453-8B18-12B7A23EF870}
    2011-04-17 18:59 . 2011-04-17 18:59 -------- d-----w- c:\users\Romain\AppData\Local\{A695BEF3-9E33-4890-9653-87D40D90929C}
    2011-04-17 13:40 . 1998-06-17 17:07 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
    2011-04-17 13:40 . 2011-04-17 13:40 -------- d-----w- c:\program files\Bethesda Softworks
    2011-04-16 13:55 . 2011-04-16 13:55 -------- d-----w- c:\users\Romain\AppData\Local\{737D1D4F-9753-47DA-94AD-CF6823FF5079}
    2011-04-15 19:01 . 2011-04-15 19:01 -------- d-----w- c:\users\Romain\AppData\Local\{7B1CC3F9-DD3B-4F2F-9985-C19B0D408E50}
    2011-04-15 12:23 . 2011-04-15 12:59 -------- d-----w- c:\users\Romain\AppData\Roaming\Notepad++
    2011-04-15 12:23 . 2011-04-15 12:23 -------- d-----w- c:\program files\Notepad++
    2011-04-15 12:00 . 2011-04-15 12:00 -------- d-----w- c:\users\Romain\AppData\Local\{E5A8C57E-E8F5-4B11-8874-8C3DA737C06A}
    2011-04-13 20:43 . 2011-04-13 20:43 -------- d-----w- c:\users\Romain\motodevstudio
    2011-04-13 19:42 . 2011-04-13 19:42 -------- d-----w- c:\users\Romain\user
    2011-04-13 19:17 . 2011-04-13 19:17 -------- d-----w- c:\users\Romain\.eclipse
    2011-04-13 19:12 . 2011-04-13 19:12 -------- d--h--w- c:\program files\InstallJammer Registry
    2011-04-13 19:10 . 2011-04-14 17:57 -------- d-----w- c:\users\Romain\workspace
    2011-04-13 18:58 . 2011-04-13 20:22 -------- d-----w- c:\users\Romain\.android
    2011-04-12 18:17 . 2011-04-12 18:17 -------- d-----w- c:\users\Romain\AppData\Local\{A43B4900-54C1-443E-847E-D7B7CF1CB738}
    2011-04-12 06:17 . 2011-04-12 06:17 -------- d-----w- c:\users\Romain\AppData\Local\{578B6A87-01B8-456C-AE28-1A5B83EA525B}
    2011-04-11 20:09 . 2011-04-11 20:09 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-21 08:10 . 2011-03-27 21:54 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-04-08 05:14 . 2011-05-07 14:27 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:43 . 2011-04-07 20:43 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:43 . 2011-04-07 20:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-04-04 07:32 . 2011-04-04 07:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-28 18:00 . 2011-03-28 18:00 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-03-28 15:49 . 2011-03-28 15:49 411368 ----a-w- c:\windows\system32\deploytk.dll
    2011-03-28 13:42 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-28 07:51 . 2011-03-28 07:51 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-03-28 07:51 . 2011-03-28 07:51 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-03-28 07:51 . 2011-03-28 07:51 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-28 07:51 . 2011-03-28 07:51 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-28 07:51 . 2011-03-28 07:51 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-28 07:51 . 2011-03-28 07:51 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-28 07:51 . 2011-03-28 07:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-28 07:51 . 2011-03-28 07:51 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-28 07:51 . 2011-03-28 07:51 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-28 07:51 . 2011-03-28 07:51 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-28 07:51 . 2011-03-28 07:51 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-28 07:51 . 2011-03-28 07:51 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-28 07:51 . 2011-03-28 07:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-28 07:51 . 2011-03-28 07:51 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-28 07:51 . 2011-03-28 07:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-28 07:51 . 2011-03-28 07:51 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-28 07:51 . 2011-03-28 07:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-28 07:51 . 2011-03-28 07:51 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-28 07:51 . 2011-03-28 07:51 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-28 07:51 . 2011-03-28 07:51 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-28 07:51 . 2011-03-28 07:51 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-28 07:51 . 2011-03-28 07:51 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-03-28 07:51 . 2011-03-28 07:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-03-28 07:51 . 2011-03-28 07:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-03-28 07:51 . 2011-03-28 07:51 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-03-28 07:51 . 2011-03-28 07:51 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-03-28 07:51 . 2011-03-28 07:51 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-03-28 07:51 . 2011-03-28 07:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-03-28 07:51 . 2011-03-28 07:51 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-03-28 07:51 . 2011-03-28 07:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-28 07:51 . 2011-03-28 07:51 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-03-28 07:51 . 2011-03-28 07:51 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-03-28 07:51 . 2011-03-28 07:51 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-03-28 07:51 . 2011-03-28 07:51 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-03-28 07:51 . 2011-03-28 07:51 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-03-28 07:51 . 2011-03-28 07:51 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-03-28 07:51 . 2011-03-28 07:51 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-03-28 07:51 . 2011-03-28 07:51 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-03-28 07:51 . 2011-03-28 07:51 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-03-28 07:51 . 2011-03-28 07:51 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-03-28 07:51 . 2011-03-28 07:51 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-03-28 07:51 . 2011-03-28 07:51 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-03-28 07:51 . 2011-03-28 07:51 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-03-28 07:51 . 2011-03-28 07:51 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-03-28 07:51 . 2011-03-28 07:51 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-03-28 07:50 . 2011-03-28 07:50 4096 ----a-w- c:\windows\system32\drivers\fr-FR\dxgkrnl.sys.mui
    2011-03-28 07:50 . 2011-03-28 07:50 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-03-28 07:50 . 2011-03-28 07:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-03-28 07:50 . 2011-03-28 07:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-03-28 07:50 . 2011-03-28 07:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-03-28 07:50 . 2011-03-28 07:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-03-28 07:50 . 2011-03-28 07:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-03-28 07:50 . 2011-03-28 07:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-03-27 21:54 . 2011-03-27 21:54 53248 ----a-r- c:\users\Romain\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-03-27 21:36 . 2011-03-27 21:36 253 ----a-w- c:\windows\xUninstall.bat
    2011-03-27 21:35 . 2011-03-27 21:35 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-03-27 21:35 . 2011-03-27 21:35 315392 ----a-w- c:\windows\HideWin.exe
    2011-03-03 15:40 . 2011-04-28 07:36 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-28 07:36 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-28 07:36 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-28 07:36 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-28 11:45 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-28 11:45 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-28 11:45 797696 ----a-w- c:\windows\system32\FntCache.dll
    2010-06-25 11:57 . 2010-06-25 11:57 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
    2010-05-25 10:43 . 2010-05-25 10:43 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
    2011-04-30 18:54 . 2011-03-27 21:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-08 17037704]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
    .
    c:\users\Romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    HWMonitor.lnk - c:\program files\CPUID\HWMonitor\HWMonitor.exe [2011-3-27 1325544]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin710.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin710.exe.lnk
    backup=c:\windows\pss\TrayMin710.exe.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Romain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
    path=c:\users\Romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk
    backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
    2008-03-05 13:55 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-03-05 13:55 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
    2009-11-19 15:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
    2010-05-27 21:20 77824 ----a-w- c:\program files\National Instruments\Shared\Update Service\niupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc710]
    2006-10-16 08:18 344064 ----a-w- c:\windows\vphc710.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    2008-03-04 19:21 167936 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-03-13 80912]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-03-10 311744]
    R3 phc710;USB PC Camera (SPC710NC);c:\windows\system32\DRIVERS\phc710.sys [2006-10-16 644864]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-02 238960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-02 36568]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-28 218688]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-03-05 41456]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-22 47776]
    S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-06-23 193712]
    S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 19:43]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 19:43]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyServer = 10.70.2.3:8080
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\users\Romain\AppData\Roaming\Mozilla\Firefox\Profiles\ryoyc4pm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/permalink.php?story_fbid=1620793772710...|http://sn127w.snt127.mail.live.com/default.aspx?rru=hom...|http://www.infos-du-net.com/forum/page-263516_6_75450.h...|http://www.air-start.net/compte.php?page=news|http://webcache.googleusercontent.com/search?q=cache:fk...|http://www.planete-lolo.com/topic-429447--Video--Halluc...|http://www.fileserve.com/file/2nAejVt|http://www.allocine.fr/video/player_gen_cmedia=19152075...|http://www.koreus.com/video/boule-neige-bowling.html|http://www.formasupaeronautique.fr/fr/formations/132.ht...|http://laserpointerforums.com/f57/led-orb-2-0-a-50012.h...|http://www.univ-rouen.fr/19124731/0/fiche_pagelibre/|http://www.formasupaeronautique.fr/fr/formations/24.htm|http://www.formasupaeronautique.fr/fr/formations/themes...|https://www.coliposte.fr/pro/services/main.jsp?m=120030...|http://www.laserfreak.net/|http://www.elektor.fr/products/credits.80711.lynkx|http://www.semageek.com/category/electronique/
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-F9AE2226-25C4-3E49-D1A5-FB3F55153305 - e:\dev_tools android\motodev_studio2.1.1_english\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-10 22:34
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(896)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'lsass.exe'(712)
    c:\windows\system32\guard32.dll
    .
    Heure de fin: 2011-05-10 22:36:09
    ComboFix-quarantined-files.txt 2011-05-10 20:36
    .
    Avant-CF: 4 782 440 448 octets libres
    Après-CF: 4 457 906 176 octets libres
    .
    - - End Of File - - 8A2A4ECD82834494612935098B551B30
    10 May 2011 23:31:12

    Hi again

    Download TFC by OldTimer to your Desktop:
    http://oldtimer.geekstogo.com/TFC.exe
    Double-click TFC.exe to launch it (on Vista, right-click and choose Run as administrator).
    The tool will close all programs when it runs, so make sure you have saved all your work in progress before starting.
    * Click the Start button to begin the process. Depending on how often you delete your temporary files, this can take from a few seconds to a minute or two. Let the program run without interrupting it.
    When it has finished, the tool should restart your system.

    ****

    Then, afterwards, run another scan with DDS and post the report. ;)
    10 May 2011 23:53:28

    OK, thanks, I'll do that tomorrow morning and let you know ;)
    11 May 2011 07:44:04

    Here you go :p

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Romain at 7:42:09,86 on 11/05/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1529 [GMT 2:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\lkcitdl.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
    C:\Windows\system32\lkads.exe
    C:\Windows\system32\lktsrv.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Romain\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Romain\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = 10.70.2.3:8080
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\users\romain\appdata\roaming\micros~1\windows\startm~1\programs\startup\hwmoni~1.lnk - c:\program files\cpuid\hwmonitor\HWMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\windows\system32\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\romain\appdata\roaming\mozilla\firefox\profiles\ryoyc4pm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/permalink.php?story_fbid=1620793772710...|http://sn127w.snt127.mail.live.com/default.aspx?rru=hom...|http://www.infos-du-net.com/forum/page-263516_6_75450.h...|http://www.air-start.net/compte.php?page=news|http://webcache.googleusercontent.com/search?q=cache:fk...|http://www.planete-lolo.com/topic-429447--Video--Halluc...|http://www.fileserve.com/file/2nAejVt|http://www.allocine.fr/video/player_gen_cmedia=19152075...|http://www.koreus.com/video/boule-neige-bowling.html|http://www.formasupaeronautique.fr/fr/formations/132.ht...|http://laserpointerforums.com/f57/led-orb-2-0-a-50012.h...|http://www.univ-rouen.fr/19124731/0/fiche_pagelibre/|http://www.formasupaeronautique.fr/fr/formations/24.htm|http://www.formasupaeronautique.fr/fr/formations/themes...|https://www.coliposte.fr/pro/services/main.jsp?m=120030...|http://www.laserfreak.net/|http://www.elektor.fr/products/credits.80711.lynkx|http://www.semageek.com/category/electronique/
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nplv2010win32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-28 218688]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-3-27 41456]
    R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2011-3-27 81504]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-3-27 21992]
    R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NIApplicationWebServer;NI Application Web Server;c:\program files\national instruments\shared\ni webserver\ApplicationWebServer.exe [2010-6-22 47776]
    R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2010-6-23 193712]
    R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2011-3-27 122368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
    S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-3-27 80912]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-3-10 311744]
    S3 phc710;USB PC Camera (SPC710NC);c:\windows\system32\drivers\phc710.sys [2011-4-1 644864]
    S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-10 20:36:14 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-10 20:36:11 -------- d-----w- c:\users\romain\appdata\local\temp
    2011-05-10 20:28:48 98816 ----a-w- c:\windows\sed.exe
    2011-05-10 20:28:48 89088 ----a-w- c:\windows\MBR.exe
    2011-05-10 20:28:48 256512 ----a-w- c:\windows\PEV.exe
    2011-05-10 20:28:48 161792 ----a-w- c:\windows\SWREG.exe
    2011-05-10 20:28:27 -------- d-----w- C:\ComboFix
    2011-05-10 20:02:52 -------- d-----w- c:\program files\VCop2
    2011-05-09 17:46:10 -------- d-----w- c:\users\romain\appdata\local\{4BA8E1F2-F7C7-48DB-9D6A-D3A34169E727}
    2011-05-08 14:28:55 -------- d-----w- c:\program files\COMODO
    2011-05-08 14:27:30 -------- d-----w- c:\progra~2\Comodo
    2011-05-08 12:44:13 -------- d-----w- c:\users\romain\appdata\local\{442C4282-14B6-41E5-ADA1-BD39FF9C0BA2}
    2011-05-07 14:57:18 -------- d-----w- C:\$AVG
    2011-05-07 13:54:06 -------- d-----w- c:\users\romain\appdata\roaming\Auslogics
    2011-05-07 13:12:50 -------- d-----w- c:\users\romain\appdata\local\{CC1DD62B-9E75-45F6-9516-A3A10ACF55B6}
    2011-05-06 08:56:50 -------- d-----w- c:\users\romain\appdata\local\{2F85E8CE-E813-499E-AB7B-0E4D5AA9E200}
    2011-05-05 09:50:01 -------- d-----w- c:\users\romain\appdata\local\{AE940D82-220B-47A5-B1C1-EB63698491D8}
    2011-05-04 21:49:45 -------- d-----w- c:\users\romain\appdata\local\{4CBEE938-7C1A-4D3B-8FD1-61D4FE40FB44}
    2011-05-04 15:07:11 298496 ----a-w- c:\windows\uninst.exe
    2011-05-04 09:49:29 -------- d-----w- c:\users\romain\appdata\local\{C70E23B7-EFD2-44B1-A5A4-63736794EB70}
    2011-05-02 18:36:34 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-05-02 18:36:32 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-05-02 18:36:32 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-05-02 18:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
    2011-05-02 12:03:21 -------- d-----w- c:\users\romain\appdata\local\{0CE22A7E-F954-4FC3-B04F-FBB0C67B3FAB}
    2011-05-01 12:35:21 -------- d-----w- c:\users\romain\appdata\local\{F624DD94-FD0D-447D-B001-B376F9D4E5CE}
    2011-04-29 10:32:03 -------- d-----w- c:\users\romain\appdata\local\{BA6D683C-A361-4CF3-8F26-29765A7925B1}
    2011-04-28 07:36:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 07:36:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 07:36:45 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-28 07:33:14 -------- d-----w- c:\users\romain\appdata\local\{998CA712-557A-43FF-8578-50A27623B998}
    2011-04-26 19:19:17 -------- d-----w- c:\users\romain\appdata\local\{A4DD00F9-F4B7-4927-8A58-3CB2B56B4EDE}
    2011-04-26 11:14:18 -------- d-----w- c:\program files\epson
    2011-04-26 11:14:17 61952 ----a-w- c:\windows\system32\escwiad.dll
    2011-04-26 11:09:36 32768 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
    2011-04-25 09:37:26 -------- d-----w- c:\users\romain\appdata\local\{A0AF8A5A-F6D5-4E86-AA33-A099CC6399E0}
    2011-04-23 19:02:58 -------- d-----w- c:\users\romain\appdata\local\CyberLink
    2011-04-23 19:02:58 -------- d-----w- c:\progra~2\PlayMovie
    2011-04-23 19:02:55 -------- d-----w- c:\users\romain\appdata\local\SoftDMA
    2011-04-23 19:02:53 -------- d-----w- c:\users\romain\appdata\local\Acer Arcade Deluxe
    2011-04-23 14:22:11 -------- d-----w- c:\progra~2\Media Center Programs
    2011-04-23 14:21:54 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-04-23 14:21:54 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2011-04-23 08:57:35 -------- d-----w- c:\users\romain\Bluetooth Software
    2011-04-23 08:24:08 -------- d-----w- c:\users\romain\appdata\local\{93746A5B-2007-4D85-9455-4CA8EA0BEC1C}
    2011-04-22 11:49:34 -------- d-----w- c:\users\romain\appdata\local\{768E8C5F-A4B7-4557-8DE1-60325DE5F044}
    2011-04-22 07:15:12 -------- d-----w- c:\program files\Lantronix
    2011-04-21 14:37:08 -------- d-----w- c:\users\romain\appdata\local\{29B71CF7-951F-4120-B65B-C2B670D92C36}
    2011-04-20 21:31:12 -------- d-----w- c:\users\romain\appdata\local\{410DFC28-51F5-4A43-8E02-5143C21F575C}
    2011-04-20 06:23:42 -------- d-----w- c:\users\romain\appdata\local\{F974207A-D132-4E33-BD69-FBA95C93FF3A}
    2011-04-19 15:29:11 -------- d-----w- c:\users\romain\appdata\local\{663B5011-E997-420F-83CD-1A0DC2A7D50B}
    2011-04-18 18:09:02 -------- d-----w- c:\users\romain\appdata\local\{CC2F02F2-E1C2-4CE4-9525-156A86568155}
    2011-04-17 19:50:18 -------- d-----w- c:\users\romain\appdata\roaming\Cocoon Software
    2011-04-17 19:50:11 -------- d-----w- c:\program files\QuickMediaConverter
    2011-04-17 19:50:02 -------- d-----w- c:\users\romain\appdata\local\WDSetup
    2011-04-17 19:00:41 -------- d-----w- c:\users\romain\appdata\local\{7AD29A1D-099D-4453-8B18-12B7A23EF870}
    2011-04-17 18:59:22 -------- d-----w- c:\users\romain\appdata\local\{A695BEF3-9E33-4890-9653-87D40D90929C}
    2011-04-17 13:40:27 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
    2011-04-17 13:40:25 -------- d-----w- c:\program files\Bethesda Softworks
    2011-04-16 13:55:29 -------- d-----w- c:\users\romain\appdata\local\{737D1D4F-9753-47DA-94AD-CF6823FF5079}
    2011-04-15 19:01:28 -------- d-----w- c:\users\romain\appdata\local\{7B1CC3F9-DD3B-4F2F-9985-C19B0D408E50}
    2011-04-15 12:00:47 -------- d-----w- c:\users\romain\appdata\local\{E5A8C57E-E8F5-4B11-8874-8C3DA737C06A}
    2011-04-13 20:43:51 -------- d-----w- c:\users\romain\motodevstudio
    2011-04-13 19:42:36 -------- d-----w- c:\users\romain\user
    2011-04-13 19:17:25 -------- d-----w- c:\users\romain\.eclipse
    2011-04-13 19:12:25 -------- d--h--w- c:\program files\InstallJammer Registry
    2011-04-13 19:10:57 -------- d-----w- c:\users\romain\workspace
    2011-04-13 18:58:30 -------- d-----w- c:\users\romain\.android
    2011-04-12 18:17:47 -------- d-----w- c:\users\romain\appdata\local\{A43B4900-54C1-443E-847E-D7B7CF1CB738}
    2011-04-12 06:17:35 -------- d-----w- c:\users\romain\appdata\local\{578B6A87-01B8-456C-AE28-1A5B83EA525B}
    .
    ==================== Find3M ====================
    .
    2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
    2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
    2011-04-08 05:14:00 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-04-08 05:14:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-08 05:14:00 5180824 ----a-w- c:\windows\system32\nvcuda.dll
    2011-04-08 05:14:00 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-04-08 05:14:00 2034280 ----a-w- c:\windows\system32\nvapi.dll
    2011-04-08 05:14:00 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-04-08 05:14:00 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-04-08 05:14:00 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-04-07 20:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-04-07 20:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-07 20:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-07 20:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-04-04 07:32:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-28 15:49:04 411368 ----a-w- c:\windows\system32\deploytk.dll
    2011-03-28 07:50:42 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-03-28 07:50:42 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-03-28 07:50:42 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-03-28 07:50:42 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-03-28 07:50:41 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-03-28 07:50:41 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-03-28 07:50:41 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-03-27 21:36:23 253 ----a-w- c:\windows\xUninstall.bat
    2011-03-27 21:35:39 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-03-27 21:35:36 315392 ----a-w- c:\windows\HideWin.exe
    2011-03-27 21:11:56 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
    2011-03-27 21:11:56 1024 ---h--r- c:\windows\system32\NTIBUN5.dll
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 7:42:34,98 ===============
    11 May 2011 09:44:13

    Hello
    How is your PC behaving?
    11 May 2011 13:40:00

    Well, for now everything is running normally :p  no problems :p 
    I just have to reinstall Mplab because one of the infected DLLs was used by that software :/ 

    Thanks a lot, Sham_rock

    You guys are bosses in this SV land :p 
    11 May 2011 17:57:45

    By the way, since I have to put an antivirus back on, what do you recommend? I had AVG Free, and on my desktop I have Antivir, but I can't decide between the two :/ 
    11 May 2011 18:09:23

    OK, thanks :) 
    11 May 2011 18:35:59

    You're welcome
    Happy surfing
    :hello: 