Trojan and backdoor on Run dll (resolved)

 

duskin
On the right track (100 to 499 messages posted)
Posted on 29/11/2009 at 15:46:27

Hello

My computer works fine, but I ran Malwarebytes and it found a backdoor and a trojan in the RUNDLL32 files, which it deleted. Since then, I can no longer find them despite searching the C: drive.

Can someone help me, please?

Thanks



Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 29/11/2009 at 15:59:18

Hi Duskin

Post the Malwarebytes report; it can be found under the Reports/Logs tab of the program.

Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected, in which case you will need to accept the license
- Post the contents of the two reports, log.txt and info.txt (minimized in the taskbar), at the end of the scan

The reports are in this folder: C:\rsit

See you :)

duskin
On the right track (100 to 499 messages posted)
Posted on 29/11/2009 at 16:28:20

Hi Dede

 Malwarebytes' Anti-Malware 1.40
 Database version: 2551
 Windows 5.1.2600 Service Pack 3

 2009-11-29 08:50:45
 mbam-log-2009-11-29 (08-50-45).txt

 Scan type: Full Scan (C:\|)
 Objects scanned: 168096
 Time elapsed: 2 hour(s), 29 minute(s), 13 second(s)

 Memory Processes Infected: 0
 Memory Modules Infected: 0
 Registry Keys Infected: 0
 Registry Values Infected: 0
 Registry Data Items Infected: 0
 Folders Infected: 0
 Files Infected: 2

 Memory Processes Infected:
 (No malicious items detected)

 Memory Modules Infected:
 (No malicious items detected)

 Registry Keys Infected:
 (No malicious items detected)

 Registry Values Infected:
 (No malicious items detected)

 Registry Data Items Infected:
 (No malicious items detected)

 Folders Infected:
 (No malicious items detected)

 Files Infected:
 C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
 C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.


 Logfile of random's system information tool 1.06 (written by random/random)
 Run by Eric at 2009-11-29 10:26:53
 Microsoft Windows XP Home Edition Service Pack 3
 System drive C: has 26 GB (33%) free of 79 GB
 Total RAM: 255 MB (22% free)

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 10:27:29, on 2009-11-29
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 Boot mode: Normal

 info.txt logfile of random's system information tool 1.06 2009-11-29 10:27:36

 Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUn​installKB951376$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$N​tUninstallKB951376-v2$\spunins​t\spuninst.exe"
 Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUn​installKB951698$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUn​installKB951748$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUn​installKB952004$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUn​installKB952954$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUn​installKB953839$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUn​installKB954211$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUn​installKB954459$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUn​installKB954600$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUn​installKB955069$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUn​installKB956391$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUn​installKB956572$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUn​installKB956744$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUn​installKB956802$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUn​installKB956803$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUn​installKB956841$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUn​installKB956844$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUn​installKB957095$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUn​installKB957097$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUn​installKB958644$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUn​installKB958687$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUn​installKB958690$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUn​installKB958869$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUn​installKB959426$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUn​installKB960225$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUn​installKB960715$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUn​installKB960803$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUn​installKB960859$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUn​installKB961371$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUn​installKB961373$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUn​installKB961501$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUn​installKB968537$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUn​installKB969059$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUn​installKB969898$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUn​installKB969947$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUn​installKB970238$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUn​installKB971486$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUn​installKB971557$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUn​installKB971633$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUn​installKB971657$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUn​installKB973346$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUn​installKB973354$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUn​installKB973507$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUn​installKB973525$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUn​installKB973869$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUn​installKB974112$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUn​installKB974571$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUn​installKB975025$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUn​installKB975467$\spuninst\spun​inst.exe"
 Shockwave-->C:\WINDOWS\system3​2\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\S​HOCKW~1\Install.log
 SonicStage 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​PROFES~1\RunTime\10\01\Intel32​\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E​6-879D-33D4B2102610}\setup.exe​" -l0x9 UNINSTALL -removeonly
 Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-411​4-8D68-9CD080140D4A}\Setup.exe​" UNINSTALL
 Studio de création numérique de Lapin Malin-->C:\Program Files\Mindscape\Studio de création numérique de Lapin Malin\uninstall.exe
 Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8up​dates\KB971180-IE8\spuninst\sp​uninst.exe"
 Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8up​dates\KB976749-IE8\spuninst\sp​uninst.exe"
 Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$N​tUninstallKB951072-v2$\spunins​t\spuninst.exe"
 Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUn​installKB951978$\spuninst\spun​inst.exe"
 Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUn​installKB955839$\spuninst\spun​inst.exe"
 Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUn​installKB967715$\spuninst\spun​inst.exe"
 Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUn​installKB968389$\spuninst\spun​inst.exe"
 Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUn​installKB973687$\spuninst\spun​inst.exe"
 Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUn​installKB973815$\spuninst\spun​inst.exe"
 ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0​D78116468}
 Visual IP InSight(Sympatico Consumer)-->C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D​1-AD16-00A0C95E0503}Sympatico Consumer\setup.exe Sympatico Consumer
 Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-038​74BBD4C2C}
 Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009​EB3A244C9}
 Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\s​puninst.exe"
 Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
 Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
 Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePack​Uninstall$\spuninst\spuninst.e​xe"
 WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
 xp-AntiSpy 3.95-->C:\Program Files\xp-AntiSpy\Uninstall.exe

 ======Security center information======

 AV: AntiVir Desktop

 ======Environment variables======

 "ComSpec"=%SystemRoot%\system3​2\cmd.exe
 "Path"=%SystemRoot%\system32;%​SystemRoot%;%SystemRoot%\syste​m32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
 "windir"=%SystemRoot%
 "OS"=Windows_NT
 "PROCESSOR_ARCHITECTURE"=x86
 "PROCESSOR_LEVEL"=15
 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
 "PROCESSOR_REVISION"=0209
 "NUMBER_OF_PROCESSORS"=1
 "PATHEXT"=.COM;.EXE;.BAT;.CMD;​.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 "TEMP"=%SystemRoot%\TEMP
 "TMP"=%SystemRoot%\TEMP
 "FP_NO_HOST_CHECK"=NO
 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava​.zip
 "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava​.zip

 -----------------EOF----------​-------

Profile: Security team
totoftotof
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 29/11/2009 at 18:10:37

Hello

 Duskin, for your information, your version of Malwarebytes Antimalware is out of date; the latest version is 1.41, and you have installed the English version.

 :hello: dédétraqué

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 29/11/2009 at 18:50:47

Hi Duskin

 "Since then, I can't find them any more despite searching the C: drive."

 It's normal that you can't find them: MBAM deleted the two pieces of malware. The legitimate file is in this folder:
 C:\WINDOWS\system32\rundll32.exe


 -----


 Double-click the HijackThis shortcut on your Desktop, click Do a scan system only, and tick the box in front of the following line(s) if present.
 If the shortcut is no longer on the desktop, it is located here:
 C:\Program Files\trend micro\Eric.exe

 O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm


 - Close all open windows except HijackThis, then click Fix checked

 - Quit HijackThis


 -----


 Download OTM (by Old_Timer) to the desktop:

 http://oldtimer.geekstogo.com/OTM.exe


 Double-click OTM.exe on the desktop

 - Make sure the Unregister Dll's and Ocx's box is ticked

 - Copy the text in the quote below and paste it into the left-hand pane of OTM, named Paste Instructions for Items to be Moved

 :services
 catchme

 :files
 C:\WINDOWS\system32\onhelp.htm

 :commands
 [purity]
 [emptytemp]
 [reboot]




 - Click MoveIt! to start the removal.
 - Close OTM

 Your PC will restart to finish the removal; if it does not do so by itself, restart it.

 Post the OTMoveIt report, which is in C:\_OTM\MovedFiles.


 Do you still have your problem?


 @++   :)

duskin
On the right track (100 to 499 messages posted)
Posted on 29/11/2009 at 20:44:55

Hi Dede

 OK, I had misread. Sorry.

 I followed the procedure and I still can't run any Control Panel application, with the same error message about RUNDLL32.exe

 Also, I still have the Active Restore Desktop on screen.

 Here is the report.

 All processes killed
 ========== SERVICES/DRIVERS ==========
 Service catchme stopped successfully!
 Service catchme deleted successfully!
 ========== FILES ==========
 File/Folder C:\WINDOWS\system32\onhelp.htm not found.
 ========== COMMANDS ==========
 
 [EMPTYTEMP]
 
 User: Administrator
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: All Users
 
 User: Default User
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: Eric
 ->Temp folder emptied: 34366341 bytes
 ->Temporary Internet Files folder emptied: 28185398 bytes
 ->Java cache emptied: 26764505 bytes
 
 User: LocalService
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 32902 bytes
 
 User: NetworkService
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 33170 bytes
 
 User: Owner
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 Windows Temp folder emptied: 148120 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34874 bytes
 RecycleBin emptied: 11913 bytes
 
 Total Files Cleaned = 85,43 mb
 
 
 OTM by OldTimer - Version 3.1.2.0 log created on 11292009_142444

 Files moved on Reboot...

 Registry entries deleted on Reboot...
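
The cross-check a reader can make between the two logs in this thread, as an added example (not part of the original posts, and not code from HijackThis, OTM or RSIT): parse HijackThis entry lines, flag O24 desktop components and "(file missing)" targets, then match them against the "not found" lines of an OTM report. The sample lines are constructed from lines quoted in the thread; the function names, the two flagging rules and the stripping of zero-width characters (assumed to come from the forum's word-wrapping of long paths) are assumptions of this example.

```python
import re
from typing import NamedTuple

# Assumption: forum word-wrapping can leave zero-width characters in long paths.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))

# HijackThis entry line: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", detail.
ENTRY_RE = re.compile(r'^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$')
# Windows path from a drive letter up to a file extension (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.[A-Za-z0-9]{2,4}(?=$|[\s"])')
# OTM report line for an item it was asked to move but could not find.
OTM_MISSING_RE = re.compile(r'^File/Folder (.+) not found\.$')


class Finding(NamedTuple):
    code: str       # HijackThis section code, e.g. "O24"
    path: str       # target file named by the entry ("" if none)
    reasons: tuple  # why the entry was flagged for review


def clean(line):
    """Drop zero-width characters and surrounding whitespace."""
    return line.translate(ZERO_WIDTH).strip()


def parse_hijackthis(text):
    """Return (code, detail) for each entry line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(clean(raw))
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Flag entries with the two review rules assumed by this example."""
    findings = []
    for code, detail in entries:
        reasons = []
        if detail.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O24":
            reasons.append("Active Desktop component")
        if reasons:
            m = PATH_RE.search(detail)
            findings.append(Finding(code, m.group(0) if m else "", tuple(reasons)))
    return findings


def otm_not_found(report):
    """Lower-cased paths that an OTM report lists as 'not found'."""
    paths = set()
    for raw in report.splitlines():
        m = OTM_MISSING_RE.match(clean(raw))
        if m:
            paths.add(m.group(1).lower())
    return paths


def stale_references(findings, report):
    """Flagged entries whose target was already absent when OTM ran."""
    missing = otm_not_found(report)
    return [f for f in findings if f.path.lower() in missing]


# Constructed sample: lines taken from the logs quoted in this thread, with
# <ZW> marking where a zero-width space is re-inserted to mimic the paste.
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.ex<ZW>e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-80074<ZW>9B94EED} - c:\program files\PartyGaming.net\PartyPok<ZW>erNet\RunPF.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e<ZW>xe
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm
""".replace("<ZW>", "\u200b")

OTM_SAMPLE = r"""
========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\onhelp.htm not found.
"""

if __name__ == "__main__":
    flagged = triage(parse_hijackthis(HJT_SAMPLE))
    for f in flagged:
        print(f.code, f.path, ", ".join(f.reasons))
    for f in stale_references(flagged, OTM_SAMPLE):
        print("already absent when OTM ran:", f.path)
```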

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 30/11/2009 at 14:55:10

Hi Duskin

 "with the same error message about RUNDLL32.exe"

 Give me the complete error message or a screenshot.

 "Also, I still have the Active Restore Desktop on screen."

 You need to change your desktop wallpaper.


 -----


 Delete this folder: C:\rsit

 Run a new scan with RSIT and post only the log.txt report once the analysis has finished.

 The report is in this folder: C:\rsit


 @++   :)

duskin
On the right track (100 to 499 messages posted)
Posted on 30/11/2009 at 19:52:08

Hello Dede

 Here is the error message, word for word.
 Windows cannot find C:\WINDOWS\system32\rundll32.exe'. Make sure you type the name correctly, and then try again. To search for a file, click the start button, and then click search.

 Logfile of random's system information tool 1.06 (written by random/random)
 Run by Eric at 2009-11-30 13:50:24
 WIN_XP Service Pack 3
 System drive C: has 26 GB (34%) free of 79 GB
 Total RAM: 255 MB (23% free)

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13:50:40, on 2009-11-30
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Avira\AntiVir Desktop\sched.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\Program Files\Java\jre6\bin\jqs.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Google\Update\GoogleUpda​te.exe
 C:\Program Files\QUICKENW\QAGENT.EXE
 C:\PROGRA~1\Sony\SONICS~1\SsAA​D.exe
 C:\Program Files\Java\jre6\bin\jusched.ex​e
 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 C:\Program Files\ScanSoft\PaperPort\pptd4​0nt.exe
 C:\Program Files\Brother\Brmfcmon\BrMfcWn​d.exe
 C:\WINDOWS\system32\mrtMngr.EX​E
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\Brother\ControlCenter3\b​rccMCtl.exe
 C:\Program Files\iISystem Wiper\SystemWiper.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Brother\Brmfcmon\BrMfimo​n.exe
 C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 C:\Program Files\Java\jre6\bin\jucheck.ex​e
 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 C:\Program Files\Internet Explorer\IEXPLORE.EXE
 C:\Program Files\Internet Explorer\IEXPLORE.EXE
 C:\Documents and Settings\Eric\Desktop\RSIT.exe
 C:\Program Files\trend micro\Eric.exe

 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
 O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAA​D.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.ex​e"
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupda​te.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd4​0nt.exe"
 O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\Index​Search.exe"
 O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\​Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Con​fig\Ereg\Ereg.ini"
 O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWn​d.exe /AUTORUN
 O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\b​rctrcen.exe /autorun
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.​exe" AcRdB7_0_9 -reboot 1
 O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKUS\S-1-5-21-3277439761-21364​17557-3852222622-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
 O4 - HKUS\S-1-5-21-3277439761-21364​17557-3852222622-1006\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
 O4 - HKUS\S-1-5-21-3277439761-21364​17557-3852222622-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.​exe" AcRdB7_0_9 -reboot 1 (User '?')
 O4 - HKUS\S-1-5-21-3277439761-21364​17557-3852222622-1006\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m (User '?')
 O4 - HKUS\S-1-5-21-3277439761-21364​17557-3852222622-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.​exe
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A25​5F085E1} - C:\Program Files\PartyGaming\PartyPoker\R​unApp.exe
 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A25​5F085E1} - C:\Program Files\PartyGaming\PartyPoker\R​unApp.exe
 O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-80074​9B94EED} - c:\program files\PartyGaming.net\PartyPok​erNet\RunPF.exe (file missing)
 O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-80074​9B94EED} - c:\program files\PartyGaming.net\PartyPok​erNet\RunPF.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr [...] nicode.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C58​0BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E​1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/ [...] ARTP8X.cab
 O16 - DPF: {3D3B42C2-11BF-4732-A304-A0138​4B70D68} (UploadListView Class) - http://picasaweb.google.com/s/ [...] oader2.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co [...] oscan8.cab
 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11​451AFC5} (OnlineScanner Control) - http://download.eset.com/speci [...] canner.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F​29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/a [...] asinst.cab
 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF​37916A7} - http://platformdl.adobe.com/NO [...] 1.6/gp.cab
 O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
 O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpda​te.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\​Intel 32\IDriverT.exe
 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
 O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
 O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 --
 End of file - 8173 bytes

 ======Scheduled tasks folder======

 C:\WINDOWS\tasks\AppleSoftware​Update.job
 C:\WINDOWS\tasks\GoogleUpdateT​askMachineCore.job
 C:\WINDOWS\tasks\MP Scheduled Scan.job

 ======Registry dump======

 [HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Run]
 "QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE [2001-11-13 94208]
 "SsAAD.exe"=C:\PROGRA~1\Sony\S​ONICS~1\SsAAD.exe [2005-06-03 81920]
 "SunJavaUpdateSched"=C:\Progra​m Files\Java\jre6\bin\jusched.ex​e [2009-07-26 148888]
 "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
 "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupda​te.exe [2006-10-25 210472]
 "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd4​0nt.exe [2007-10-11 29984]
 "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\Index​Search.exe [2007-10-11 46368]
 "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\​Ereg.exe [2007-08-31 328992]
 "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWn​d.exe [2008-05-29 1085440]
 "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\b​rctrcen.exe [2007-12-21 86016]
 "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Run]
 "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
 "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-05-19 1957888]
 "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.​exe [2006-03-30 313472]
 "iIWiper"=C:\Program Files\iISystem Wiper\SystemWiper.exe [2005-09-11 258048]
 "ctfmon.exe"=C:\WINDOWS\system​32\ctfmon.exe [2008-04-13 15360]

 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
 Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 Assistant Internet.lnk - C:\Program Files\NetAssistant\bin\matcli.​exe

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
 C:\WINDOWS\system32\Ati2evxx.d​ll [2006-02-21 61440]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
 C:\WINDOWS\system32\WgaLogon.d​ll [2007-03-15 236928]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
 WRLogonNTF.dll []

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Explorer\ShellExecuteHooks]
 "{091EB208-39DD-417D-A5DD-7E2C​2D8FB9CB}"=C:\PROGRA~1\WINDOW~​4\MpShHook.dll [2006-04-03 81616]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\WinDefend]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\network\SYMTDI]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\network\WinDefend]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\network\{1a3e09be-1e45-494b-9​174-d7385b45bbf5}]

 [HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Policies\System]
 "dontdisplaylastusername"=0
 "legalnoticecaption"=
 "legalnoticetext"=
 "shutdownwithoutlogon"=1
 "undockwithoutlogon"=1

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Policies\explorer]
 "NoDrives"=0
 "NoDriveAutoRun"=67108863
 "NoDriveTypeAutoRun"=323

 [HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Policies\explorer]
 "NoDriveTypeAutoRun"=
 "NoDrives"=
 "NoDriveAutoRun"=
 "HonorAutoRunSetting"=

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\services\shareda​ccess\parameters\firewallpolic​y\standardprofile\authorizedap​plications\list]
 "C:\WINDOWS\system32\sessmgr.e​xe"="C:\WINDOWS\system32\sessm​gr.exe:*:Enabled:@xpsp2res.dll​,-22019"
 "C:\WINDOWS\system32\dpvsetup.​exe"="C:\WINDOWS\system32\dpvs​etup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
 "C:\WINDOWS\system32\dxdiag.ex​e"="C:\WINDOWS\system32\dxdiag​.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
 "%windir%\Network Diagnostic\xpnetdiag.exe"="%wi​ndir%\Network Diagnostic\xpnetdiag.exe:*:Ena​bled:@xpsp3res.dll,-20000"
 "%windir%\system32\sessmgr.exe​"="%windir%\system32\sessmgr.e​xe:*:enabled:@xpsp2res.dll,-22​019"
 "C:\Program Files\Brother\Brmfl08b\FAXRX.e​xe"="C:\Program Files\Brother\Brmfl08b\FAXRX.e​xe:*:Enabled:FAXRX.EXE"

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\services\shareda​ccess\parameters\firewallpolic​y\domainprofile\authorizedappl​ications\list]
 "%windir%\system32\sessmgr.exe​"="%windir%\system32\sessmgr.e​xe:*:enabled:@xpsp2res.dll,-22​019"
 "%windir%\Network Diagnostic\xpnetdiag.exe"="%wi​ndir%\Network Diagnostic\xpnetdiag.exe:*:Ena​bled:@xpsp3res.dll,-20000"

 ======List of files/folders created in the last 1 months======

 2009-11-30 13:50:24 ----DC---- C:\rsit
 2009-11-29 14:24:44 ----DC---- C:\_OTM
 2009-11-24 21:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB97609​8-v2$
 2009-11-24 21:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB97368​7$
 2009-11-23 22:39:12 ----D---- C:\Documents and Settings\Eric\Application Data\Google
 2009-11-23 22:35:39 ----D---- C:\Program Files\Google
 2009-11-12 23:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB96994​7$
 2009-11-08 22:49:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

 ======List of files/folders modified in the last 1 months======

 2009-11-30 13:50:27 ----D---- C:\Program Files\trend micro
 2009-11-30 12:33:04 ----D---- C:\WINDOWS\temp
 2009-11-30 08:57:32 ----D---- C:\WINDOWS\system32
 2009-11-29 20:24:55 ----D---- C:\WINDOWS\system32\CatRoot2
 2009-11-29 20:24:17 ----A---- C:\WINDOWS\SchedLgU.Txt
 2009-11-29 09:49:08 ----D---- C:\WINDOWS
 2009-11-29 09:25:30 ----HD---- C:\WINDOWS\inf
 2009-11-29 08:51:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
 2009-11-24 21:02:04 ----A---- C:\WINDOWS\imsins.BAK
 2009-11-24 21:00:49 ----HD---- C:\WINDOWS\$hf_mig$
 2009-11-24 21:00:38 ----SHD---- C:\WINDOWS\Installer
 2009-11-24 21:00:36 ----D---- C:\WINDOWS\WinSxS
 2009-11-23 22:35:53 ----SD---- C:\WINDOWS\Tasks
 2009-11-23 22:35:39 ----RD---- C:\Program Files
 2009-11-14 08:48:33 ----SD---- C:\WINDOWS\Downloaded Program Files
 2009-11-08 10:38:08 ----A---- C:\WINDOWS\system32\PerfString​Backup.INI
 2009-11-05 12:36:21 ----A---- C:\WINDOWS\system32\MRT.exe

 info.txt logfile of random's system information tool 1.06 2009-11-30 13:50:46


 =====HijackThis Backups=====

 O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm [2009-11-29]

 Securitycenter WMI appears to be broken


 There you go!

 I can't change my desktop wallpaper through the properties because it gives me the error message above!

 Thanks again for your help!

Profile: Security team
dedetraque
Posted on 30/11/2009 at 23:06:02

Hi Duskin

 Download SystemLook to your Desktop:
 http://jpshortstuff.247fixes.com/SystemLook.exe

 - Double-click SystemLook.exe to launch it.

 - Copy the contents of the box below and paste them into the SystemLook text area:

 :filefind
 rundll32.exe

 - Click the Look button to start the scan.
 - When it finishes, Notepad opens with the scan results. Copy and paste the report into your next reply.


 @++   :)

duskin
Posted on 01/12/2009 at 01:54:24

Hi Dede

 Here is the report.  You guys know so many tricks, free programs and all sorts of things.  It fascinates me!

 SystemLook v1.0 by jpshortstuff (29.08.09)
 Log created at 19:52 on 30/11/2009 by Eric (Administrator - Elevation successful)

 ========== filefind ==========

 Searching for "rundll32.exe"
 C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [01:06 11/10/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
 C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:56 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
 C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [00:48 24/10/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

 -=End Of File=-

Profile: Security team
dedetraque
Posted on 01/12/2009 at 03:22:07

Hi Duskin

 Download combofix.exe (by sUBs) to the desktop:

 http://download.bleepingcomput [...] mboFix.exe

 Important: disable your antivirus and antispyware before scanning with Combofix:
 http://forum.pcastuces.com/des [...] -f31s4.htm


 ==> Save your work and close all open windows; the PC may restart. Do not launch any program until Combofix has finished. <==

 -----

 - Click Start/Run, type notepad at the prompt and click OK.

 - Copy and paste the quoted text below into Notepad:

 FCopy::
 C:\WINDOWS\ServicePackFiles\i386\rundll32.exe | c:\windows\system32\rundll32.exe

 - Save this file to the desktop (mandatory)

 - File name: CFScript.txt
 - File type: All files

 - Click Save and close Notepad


 - Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot:

 http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif

* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not open, it is located here > C:\ComboFix.txt


 @++   :)
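
A check that can be run on the SystemLook report before a file from it is used as an FCopy source, as an added example that is not part of either poster's messages: it parses the three filefind lines posted above and reports which copies of rundll32.exe share the source's size and MD5. The function names and the `Entry` type are hypothetical; the log lines and the two paths are the ones from the thread.

```python
import re
from collections import namedtuple

# SystemLook "filefind" result lines exactly as posted in the thread.
SYSTEMLOOK_LOG = r"""
Searching for "rundll32.exe"
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [01:06 11/10/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:56 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [00:48 24/10/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
"""

# Source and destination of the FCopy:: line in the CFScript above.
SOURCE = r"C:\WINDOWS\ServicePackFiles\i386\rundll32.exe"
TARGET = r"c:\windows\system32\rundll32.exe"

Entry = namedtuple("Entry", "path attrs size md5")

# path, six attribute flags, size, two bracketed timestamps, 32-hex MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one Entry per result line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(
                Entry(m["path"], m["attrs"], int(m["size"]), m["md5"].upper())
            )
    return entries


def review_restore(entries, source, target):
    """Compare the proposed restore source with every other copy found.

    Windows paths are compared case-insensitively.
    """
    by_path = {e.path.lower(): e for e in entries}
    src = by_path.get(source.lower())
    if src is None:
        raise ValueError("restore source not in the filefind results: " + source)
    others = [e for e in entries if e.path.lower() != source.lower()]
    return {
        # False means the scan found no file at the destination path.
        "target_present": target.lower() in by_path,
        "source_md5": src.md5,
        "agree": [e.path for e in others
                  if e.md5 == src.md5 and e.size == src.size],
        "differ": [e.path for e in others if e.md5 != src.md5],
    }


if __name__ == "__main__":
    result = review_restore(parse_filefind(SYSTEMLOOK_LOG), SOURCE, TARGET)
    for key, value in result.items():
        print(key, "=", value)
```

Two local copies with the same MD5 show that they are consistent with each other, not that either is authentic; for that, compare the hash with one taken from trusted installation media.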

duskin
Posted on 01/12/2009 at 04:17:52

Hi Dede

 My wallpaper is back and I have access to my properties; no more error message. :youpi:

 Combofix did not ask me for option 1 or 2, though.  It ran straight away.
 Here is the report


 ComboFix 09-11-30.02 - Eric 2009-11-30 21:47.9.1 - x86
 Microsoft Windows XP Home Edition  5.1.2600.3.1252.2.1033.18.255.57 [GMT -5:00]
 Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
 Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt
 AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 * Created a new restore point
 .

 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 .

 .
 --------------- FCopy ---------------

 c:\windows\ServicePackFiles\i386\rundll32.exe --> c:\windows\system32\rundll32.exe
 .
 (((((((((((((((((((((((((   Files Created from 2009-11-01 to 2009-12-01  )))))))))))))))))))))))))))))))
 .

 2009-12-01 02:47 . 2008-04-14 00:12 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
 2009-12-01 02:47 . 2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe
 2009-11-30 18:50 . 2009-11-30 18:50 -------- dc----w- C:\rsit
 2009-11-29 19:24 . 2009-11-29 19:24 -------- dc----w- C:\_OTM
 2009-11-24 03:36 . 2009-11-24 03:36 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Temp
 2009-11-24 03:36 . 2009-11-24 03:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
 2009-11-24 03:35 . 2009-11-24 03:39 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Google
 2009-11-24 03:35 . 2009-11-24 03:37 -------- d-----w- c:\program files\Google
 2009-11-13 11:25 . 2009-11-30 01:30 79488 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
 2009-11-09 03:49 . 2009-11-09 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

 [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B​78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUnins​tall$\eventlog.dll

 c:\windows\System32\eventlog.d​ll ... is missing !!
 .
 (((((((((((((((((((((((((((((   SnapShot@2009-10-21_11.48.56   ))))))))))))))))))))))))))))))​)))))))))))
 .
 + 2009-11-30 01:24 . 2009-11-30 01:24 16384              c:\windows\temp\Perflib_Perfda​ta_648.dat
 - 2007-01-29 08:58 . 2009-07-14 11:03 46080              c:\windows\system32\tzchange.e​xe
 + 2007-01-29 08:58 . 2009-10-28 15:07 46080              c:\windows\system32\tzchange.e​xe
 - 2003-05-27 15:42 . 2009-04-15 21:13 40108              c:\windows\system32\perfc009.d​at
 + 2003-05-27 15:42 . 2009-11-08 15:38 40108              c:\windows\system32\perfc009.d​at
 + 2008-05-25 03:35 . 2009-11-09 03:51 88589              c:\windows\system32\Macromed\F​lash\uninstall_activeX.exe
 + 2009-11-24 03:35 . 2009-11-24 03:35 22528              c:\windows\Installer\1347db.ms​i
 + 2009-11-25 02:00 . 2009-11-25 02:00 32768              c:\windows\Installer\{F662A8E6​-F4DC-41A2-901E-8C11F044BDEC}\​icon.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​UNINST_Uninstall_G_F6A848FB884​248E6A4CDCBDCF41F6A74_1.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​UNINST_Uninstall_G_F6A848FB884​248E6A4CDCBDCF41F6A74.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​ShortcutOGL_EB071909B9884F8CBF​3D6115D4ADEE5E.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​ShortcutDX_EB071909B9884F8CBF3​D6115D4ADEE5E.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​googleearth.exe1_F6A848FB88424​8E6A4CDCBDCF41F6A74.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​googleearth.exe_F6A848FB884248​E6A4CDCBDCF41F6A74.exe
 + 2009-11-24 03:38 . 2009-11-24 03:38 25214              c:\windows\Installer\{9074AFC0​-CFDA-11DE-B484-005056806466}\​ARPPRODUCTICON.exe
 + 2003-05-27 15:42 . 2009-11-08 15:38 311912              c:\windows\system32\perfh009.d​at
 - 2003-05-27 15:42 . 2009-04-15 21:13 311912              c:\windows\system32\perfh009.d​at
 + 2009-07-18 03:12 . 2009-07-18 03:12 257440              c:\windows\system32\Macromed\F​lash\FlashUtil10c.exe
 + 2003-05-27 08:47 . 2009-11-13 11:18 252680              c:\windows\system32\FNTCACHE.D​AT
 - 2003-05-27 08:47 . 2009-08-30 17:13 252680              c:\windows\system32\FNTCACHE.D​AT
 + 2009-11-25 02:00 . 2009-11-25 02:00 429568              c:\windows\Installer\4e2470b.m​si
 + 2009-11-08 16:23 . 2008-07-08 13:02 382840              c:\windows\ie8updates\KB976749​-IE8\spuninst\updspapi.dll
 + 2009-11-08 16:23 . 2008-07-08 13:02 231288              c:\windows\ie8updates\KB976749​-IE8\spuninst\spuninst.exe
 + 2009-07-21 05:03 . 2009-07-21 05:03 1348432              c:\windows\WinSxS\x86_Microsof​t.MSXML2_6bd6b9abf345378f_4.20​.9876.0_x-ww_a621d1d5\msxml4.d​ll
 + 2003-05-27 15:42 . 2009-08-14 13:21 1850624              c:\windows\system32\win32k.sys
 + 2008-09-12 22:23 . 2009-07-31 15:05 1372672              c:\windows\system32\msxml6.dll
 + 2009-07-21 05:05 . 2009-07-21 05:05 1348432              c:\windows\system32\msxml4.dll
 + 2003-05-27 15:42 . 2009-07-31 04:35 1172480              c:\windows\system32\msxml3.dll
 + 2004-07-07 23:37 . 2009-10-22 09:19 5939712              c:\windows\system32\mshtml.dll
 + 2008-10-16 01:28 . 2009-08-14 13:21 1850624              c:\windows\system32\dllcache\w​in32k.sys
 + 2008-09-12 22:23 . 2009-07-31 15:05 1372672              c:\windows\system32\dllcache\m​sxml6.dll
 + 2008-11-12 01:21 . 2009-07-31 04:35 1172480              c:\windows\system32\dllcache\m​sxml3.dll
 + 2006-05-19 15:08 . 2009-10-22 09:19 5939712              c:\windows\system32\dllcache\m​shtml.dll
 + 2009-11-24 03:38 . 2009-11-24 03:38 1258496              c:\windows\Installer\1347e1.ms​i
 + 2009-11-08 16:23 . 2009-08-29 08:08 5940224              c:\windows\ie8updates\KB976749​-IE8\mshtml.dll
 + 2009-09-15 19:06 . 2009-09-15 19:06 1001032              c:\windows\Downloaded Program Files\UploaderX.dll
 + 2005-05-11 11:44 . 2009-11-05 17:36 26768832              c:\windows\system32\MRT.exe
 .
 ((((((((((((((((((((((((((((((​(((((((   Reg Loading Points   ))))))))))))))))))))))))))))))​))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.​exe AcRdB7_0_9 -reboot 1" [X]
 "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
 "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
 "iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-11-14 94208]
 "SsAAD.exe"="c:\progra~1\Sony\​SONICS~1\SsAAD.exe" [2005-06-03 81920]
 "SunJavaUpdateSched"="c:\progr​am files\Java\jre6\bin\jusched.ex​e" [2009-07-27 148888]
 "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
 "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupda​te.exe" [2006-10-25 210472]
 "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd4​0nt.exe" [2007-10-11 29984]
 "IndexSearch"="c:\program files\ScanSoft\PaperPort\Index​Search.exe" [2007-10-11 46368]
 "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\​Ereg.exe" [2007-08-31 328992]
 "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWn​d.exe" [2008-05-29 1085440]
 "ControlCenter3"="c:\program files\Brother\ControlCenter3\b​rctrcen.exe" [2007-12-21 86016]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "CTFMON.EXE"="c:\windows\Syste​m32\CTFMON.EXE" [2008-04-14 15360]

 c:\documents and settings\All Users\Start Menu\Programs\Startup\
 Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
 Assistant Internet.lnk - c:\program files\NetAssistant\bin\matcli.​exe [2005-6-5 217088]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\WinDefend]
 @="Service"

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​run-]
 "ctfmon.exe"=c:\windows\system​32\ctfmon.exe
 "IncrediMail"=c:\program files\IncrediMail\bin\IncMail.​exe /c
 "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\run-]
 "NeroCheck"=c:\windows\system3​2\NeroCheck.exe
 "ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 "IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
 "IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
 "SoundMan"=SOUNDMAN.EXE
 "Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\​SNDMon.exe /Consumer
 "Motive SmartBridge"=c:\progra~1\NETAS​S~1\SMARTB~1\MotiveSB.exe
 "SsAAD.exe"=c:\progra~1\Sony\S​ONICS~1\SsAAD.exe
 "QAGENT"=c:\program files\QUICKENW\QAGENT.EXE

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:0000​0001

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "c:\\WINDOWS\\system32\\sessmg​r.exe"=
 "c:\\WINDOWS\\system32\\dpvset​up.exe"=
 "c:\\WINDOWS\\system32\\dxdiag​.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "%windir%\\system32\\sessmgr.e​xe"=
 "c:\\Program Files\\Brother\\Brmfl08b\\FAXR​X.exe"=

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\GloballyOpenPorts\L​ist]
 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 "54925:UDP"= 54925:UDP:BrotherNetwork Scanner

 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-31 108289]
 R2 mrtRate;mrtRate;c:\windows\sys​tem32\drivers\MrtRate.sys [2004-01-04 34712]
 S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpda​te.exe [2009-11-23 135664]
 S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

 --- Other Services/Drivers In Memory ---

 *Deregistered* - IPVNMon
 .
 Contents of the 'Scheduled Tasks' folder

 2009-10-14 c:\windows\Tasks\AppleSoftware​Update.job
 - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]

 2009-11-24 c:\windows\Tasks\GoogleUpdateT​askMachineCore.job
 - c:\program files\Google\Update\GoogleUpda​te.exe [2009-11-24 03:35]

 2009-10-20 c:\windows\Tasks\MP Scheduled Scan.job
 - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
 .
 .
 ------- Supplementary Scan -------
 .
 uStart Page = hxxp://www.google.com/
 uInternet Connection Wizard,ShellNext = iexplore
 uInternet Settings,ProxyOverride = 127.0.0.1
 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes​\dajava.cab
 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes​\xmldso.cab
 DPF: {18CD2FD8-81CE-44C3-99E1-0822E​1C7116C} - hxxp://files.ea.com/downloads/​rtpatch/v4/EARTP8X.cab
 DPF: {3D3B42C2-11BF-4732-A304-A0138​4B70D68} - hxxp://picasaweb.google.com/s/​v/57.07/uploader2.cab
 .
 - - - - ORPHANS REMOVED - - - -

 AddRemove-Assistant Internet - c:\progra~1\NETASS~1\Uninstall​.exe  BellCanada
 AddRemove-Panda ActiveScan - c:\windows\system32\ASUninst.e​xe Panda ActiveScan
 AddRemove-{097346E0-6A51-11D1-​AD16-00A0C95E0503}(Sympatico Consumer) - c:\program files\InstallShield Installation Information\{097346E0-6A51-11D​1-AD16-00A0C95E0503}Sympatico Consumer\setup.exe Sympatico Consumer



 ******************************​******************************​**************

 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2009-11-30 22:01
 Windows 5.1.2600 Service Pack 3 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 ******************************​******************************​**************
 .
 --------------------- LOCKED REGISTRY KEYS ---------------------

 [HKEY_USERS\S-1-5-21-3277439761​-2136417557-3852222622-1006\So​ftware\Microsoft\SystemCertifi​cates\AddressBook*]
 @Allowed: (Read) (RestrictedCode)
 @Allowed: (Read) (RestrictedCode)
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------

 - - - - - - - > 'winlogon.exe'(500)
 c:\windows\system32\Ati2evxx.d​ll

 - - - - - - - > 'explorer.exe'(176)
 c:\windows\system32\WININET.dl​l
 c:\windows\system32\ieframe.dl​l
 c:\windows\system32\webcheck.d​ll
 c:\windows\system32\mshtml.dll
 c:\windows\system32\msls31.dll
 .
 Completion time: 2009-11-30 22:08
 ComboFix-quarantined-files.txt  2009-12-01 03:08
 ComboFix2.txt  2009-10-22 00:47
 ComboFix3.txt  2009-10-21 11:56

 Pre-Run: 27 647 131 648 bytes free
 Post-Run: 27 627 372 544 bytes free

 - - End Of File - - 8A262E8F693ADC8A34F473A1D67E9B​22

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 01/12/2009 at 05:17:19

Hi Duskin


 Let's check that nothing is hidden:

 Important: disable your antivirus before the online scan:
 http://forum.pcastuces.com/des [...] -f31s4.htm


 Run a scan with Nod32 online (you must use Internet Explorer) here:
 http://www.eset-nod32.fr/scanner.html

 At the bottom of the page, click ESET Online Scanner

 http://free0.hiboox.com/images/4209/b96dc9aff0dcc3a72691b5d04efd151f.jpg


 On the new page, tick the box next to YES, I accept the terms of the license agreement, and click Start to begin.

 http://images3.hiboox.com/images/2109/a882aa9c7cab6f8a72c8b7e6faff20c3.jpg


 On the new page (which takes quite a while to load) you will get an alert for the information bar; click Close.

 Now right-click the yellow information bar at the top of the page and click Install ActiveX Control.

 http://images3.hiboox.com/images/2109/55ff2ea1fdce71d36ee433e691d4e776.jpg


 An information box will open; click Install

 http://images3.hiboox.com/images/2109/f67bf671249caa67694a995e87920bb7.jpg


 On the new page, click Start at the bottom; the download of the virus signature database will begin.
 The scan of the PC will then start; be patient while it runs, and do not browse during the scan, since the antivirus has been disabled.


 Once the scan is finished, click Finish and close the page.

 Open Windows Explorer and find the report, which is in this directory:

 C:\Program Files\ESET\ESET Online Scanner\log.txt

 Copy/paste the contents of this log.txt report


 @++  :)

duskin
On the right track (100 to 499 posts)
Posted on 02/12/2009 at 03:37:44

Hi Dede. Everything seems to be working well now.

 Here is the report

 ESETSmartInstaller@High as CAB hook log:
 OnlineScanner.ocx - registred OK
 # version=7
 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
 # OnlineScanner.ocx=1.0.0.6211
 # api_version=3.0.2
 # EOSSerial=ff085e3ff2f5f548aeaea11ffdda3af0
 # end=finished
 # remove_checked=true
 # archives_checked=false
 # unwanted_checked=true
 # unsafe_checked=false
 # antistealth_checked=true
 # utc_time=2009-12-02 02:23:12
 # local_time=2009-12-01 09:23:12 (-0500, Eastern Standard Time)
 # country="Canada"
 # lang=1036
 # osver=5.1.2600 NT Service Pack 3
 # compatibility_mode=512 16777215 100 0 0 0 0 0
 # compatibility_mode=1797 16775125 100 100 0 54838471 0 0
 # compatibility_mode=5892 16776574 100 100 92126374 116733038 0 0
 # compatibility_mode=8192 67108863 100 0 3293475 3293475 0 0
 # scanned=71913
 # found=0
 # cleaned=0
 # scan_time=2864

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 02/12/2009 at 12:16:57

Hi Duskin


 Your report is clean; do you have any other problems?


 @++   :)

duskin
On the right track (100 to 499 posts)
Posted on 03/12/2009 at 02:10:15

Hi Dede

 Everything is super cool!!! :super:

 Many thanks!!! :D

 Was toftof right about Malwarebytes? Do I not have the latest version?

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 03/12/2009 at 02:26:09

Hi Duskin


 Uninstall it via Add/Remove Programs; here is the latest version:
 http://www.01net.com/telecharg [...] 44096.html


 Update it, run a quick scan, and post the report


 @++   :)

duskin
On the right track (100 to 499 posts)
Posted on 05/12/2009 at 15:49:39

Hi Dede

 I ran the new version of MBAM, but it still finds the backdoor and the trojan on the rundll32.exe files. Before deleting them and recreating my problem, I thought I would ask you what I should do.

 Malwarebytes' Anti-Malware 1.42
 Database version: 3298
 Windows 5.1.2600 Service Pack 3
 Internet Explorer 8.0.6001.18702

 2009-12-05 09:50:52
 mbam-log-2009-12-05 (09-50-52).txt

 Scan type: Quick Scan
 Objects scanned: 110508
 Time elapsed: 5 minute(s), 52 second(s)

 Memory Processes Infected: 0
 Memory Modules Infected: 0
 Registry Keys Infected: 1
 Registry Values Infected: 0
 Registry Data Items Infected: 0
 Folders Infected: 0
 Files Infected: 2

 Memory Processes Infected:
 (No malicious items detected)

 Memory Modules Infected:
 (No malicious items detected)

 Registry Keys Infected:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 Registry Values Infected:
 (No malicious items detected)

 Registry Data Items Infected:
 (No malicious items detected)

 Folders Infected:
 (No malicious items detected)

 Files Infected:
 C:\WINDOWS\rundll.exe (Trojan.Agent) -> Not selected for removal.
 C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Not selected for removal.

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 05/12/2009 at 17:29:35

Hi Duskin


 Download SDFix by AndyManchesta to the Desktop:

 http://downloads.andymanchesta [...] /SDFix.exe


 Double-click SDFix.exe on the desktop and click Install; choose the desktop for the installation, and a folder will be created on the desktop.


 Restart your PC in Safe Mode:

 As your PC restarts, tap the F8 or F5 key; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session.


 Open the SDFix folder on the desktop and double-click RunThis.bat; press Y to start the cleanup.

 There will be a restart; when Finished is displayed, press a key to finish.

 Post the report, found in the SDFix folder under the name Report.txt, in your next reply.


 @++ :)

duskin
On the right track (100 to 499 posts)
Posted on 08/12/2009 at 04:12:27

 Hi Dede. Sorry for the delay. Here is the report!

 SDFix: Version 1.240
 Run by Eric on 2009-12-07 at 21:27

 Microsoft Windows XP [Version 5.1.2600]
 Running From: C:\SDFix

 Checking Services :


 Restoring Default Security Values
 Restoring Default Hosts File

 Rebooting


 Checking Files :

 No Trojan Files Found






 Removing Temp Files

 ADS Check :

Final Check :

 catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2009-12-07 21:44:02
 Windows 5.1.2600 Service Pack 3 NTFS

 scanning hidden processes ...

 scanning hidden services & system hive ...

 scanning hidden registry entries ...

 scanning hidden files ...

 scan completed successfully
 hidden processes: 0
 hidden services: 0
 hidden files: 0


 Remaining Services :




 Authorized Application Key Export:

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
 "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
 "C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
 "C:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"="C:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe:*:Enabled:FAXRX.EXE"

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 Remaining Files :



 Files with Hidden Attributes :

 Sun 25 Jan 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
 Sat  6 Mar 2004           401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
 Thu 15 May 2003        43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
 Sun 28 Mar 2004        19,456 ...H. --- "C:\Documents and Settings\Eric\Application Data\Microsoft\Word\~WRL0003.tmp"
 Fri 20 Feb 2004        33,792 ...H. --- "C:\Documents and Settings\Eric\Application Data\Microsoft\Word\~WRL0004.tmp"
 Fri 20 Feb 2004        36,864 ...H. --- "C:\Documents and Settings\Eric\Application Data\Microsoft\Word\~WRL1085.tmp"
 Sun 28 Mar 2004        22,016 ...H. --- "C:\Documents and Settings\Eric\Application Data\Microsoft\Word\~WRL2213.tmp"
 Sun 28 Mar 2004        21,504 ...H. --- "C:\Documents and Settings\Eric\Application Data\Microsoft\Word\~WRL2290.tmp"
 Sun 25 Jan 2004         4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
 Sat  6 Mar 2004           401 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
 Sun 25 Jan 2004           312 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
 Sat  6 Mar 2004        24,576 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2lic.bak"

 Finished!

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 08/12/2009 at 05:29:53

Hi Duskin


 Download SystemLook to your Desktop:
 http://jpshortstuff.247fixes.com/SystemLook.exe

 - Double-click SystemLook.exe to launch it.

 - Copy the contents of the box below and paste it into the SystemLook text area:

 :filefind
 rundll32.exe

 - Click the Look button to start the scan.
 - When it finishes, Notepad opens with the result of the analysis. Copy and paste the report into your next reply.


 @++   :)

duskin
On the right track (100 to 499 posts)
Posted on 09/12/2009 at 05:41:46

Hi Dede

 I thought this would be a small matter; it seems rather complicated after all, doesn't it?


 SystemLook v1.0 by jpshortstuff (29.08.09)
 Log created at 23:37 on 08/12/2009 by Eric (Administrator - Elevation successful)

 ========== filefind ==========

 Searching for "rundll32.exe"
 C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [01:06 11/10/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
 C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:56 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
 C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [02:47 01/12/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
 C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [02:47 01/12/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

 -=End Of File=-

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 10/12/2009 at 01:28:06

Hi Duskin


 Run a scan with BitDefender here:

 http://www.bitdefender.fr/scan8/ie.html (to be done with Internet Explorer)


 Tutorial: http://www.malekal.com/scan_Av [...] ocId406812


 @++ :)

duskin
On the right track (100 to 499 posts)
Posted on 13/12/2009 at 22:02:18

Hi Dede.

 I had other problems, and MBAM deleted RUNDLL32 and RUNDLL again. I can no longer run certain applications.

 Here, finally, is the BitDefender report

 BitDefender Online Scanner - Real Time Virus Report

 Generated at: Sun, Dec 13, 2009 - 15:52:33

 --------------------------------------------------------------------------------

 Scan Info

 Scanned Files: 259498
 Infected Files: 0

 Virus Detected

 No virus found.

 --------------------------------------------------------------------------------

 This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 14/12/2009 at 04:27:04

Hi Duskin


 Download OTM (by Old_Timer) to the desktop:

 http://oldtimer.geekstogo.com/OTM.exe


 Double-click OTM.exe on the desktop

 - Make sure the Unregister Dll's and Ocx's box is ticked

 - Copy the text shown in the quote below and paste it into OTM's left-hand pane, named Paste Instructions for Items to be Moved

 :files
 C:\WINDOWS\rundll.exe
 C:\WINDOWS\rundll32.exe

 :commands
 [purity]
 [emptytemp]
 [reboot]

 - Click MoveIt! to start the removal.
 - Close OTM

 Your PC will restart to finish the removal; if it does not do so by itself, restart it.

 Post the OTMoveIt report, which is in C:\_OTM\MovedFiles.


 -----


 Double-click SystemLook.exe to launch it.

 - Copy the contents of the box below and paste it into the SystemLook text area:

 :filefind
 rundll32.exe

 - Click the Look button to start the scan.
 - When it finishes, Notepad opens with the result of the analysis. Copy and paste the report into your next reply.


 @++   :)

duskin
On the right track (100 to 499 posts)
Posted on 15/12/2009 at 02:30:55

Hi Dede



 All processes killed
 ========== FILES ==========
 File/Folder C:\WINDOWS\rundll.exe not found.
 File/Folder C:\WINDOWS\rundll32.exe not found.
 ========== COMMANDS ==========
 
 [EMPTYTEMP]
 
 User: Administrator
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: All Users
 
 User: Default User
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: Eric
 ->Temp folder emptied: 1064928 bytes
 ->Temporary Internet Files folder emptied: 7342599 bytes
 ->Java cache emptied: 13693404 bytes
 
 User: LocalService
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 33170 bytes
 
 User: NetworkService
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 33170 bytes
 
 User: Owner
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 Windows Temp folder emptied: 0 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
 RecycleBin emptied: 25617108 bytes
 
 Total Files Cleaned = 45,57 mb
 

 SystemLook v1.0 by jpshortstuff (29.08.09)
 Log created at 20:28 on 14/12/2009 by Eric (Administrator - Elevation successful)

 ========== filefind ==========

 Searching for "rundll32.exe"
 C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [01:06 11/10/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
 C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:56 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
 C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [22:36 13/12/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
 C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [22:36 13/12/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

 -=End Of File=-
 
 OTM by OldTimer - Version 3.1.2.0 log created on 12142009_202051

 Files moved on Reboot...

 Registry entries deleted on Reboot...
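
The cross-check this part of the thread carries out by hand, as an added example (not part of the original posts and not code from MBAM, SystemLook or OTM): a Python script that parses the SystemLook `:filefind` output and the MBAM `Files Infected` entries posted in the thread, then classifies each path by whether it sits in a directory where Windows XP itself keeps `rundll32.exe`. The directory list, the class labels and all function names are assumptions of this example; the log lines are taken from the posts, with a zero-width space of the kind forum software inserts marked as `<ZW>`.

```python
import re
from ntpath import normcase, split  # Windows path rules, whatever OS runs this

# Where Windows XP itself keeps rundll32.exe: the live copy, the Windows File
# Protection cache, and the service-pack source / uninstall folders.
# (This list, the class labels and all names here are assumptions.)
EXPECTED_DIRS = {normcase(d) for d in (
    r"C:\WINDOWS\system32",
    r"C:\WINDOWS\system32\dllcache",
    r"C:\WINDOWS\ServicePackFiles\i386",
    r"C:\WINDOWS\$NtServicePackUninstall$",
)}
SYSTEM_NAME = "rundll32.exe"

# Forum software injects zero-width characters into long tokens; drop them.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))

SEARCH_RE = re.compile(r'^\s*Searching for "(?P<name>[^"]+)"')
# SystemLook hit: path, six attribute flags, size, two timestamps, MD5.
FILEFIND_RE = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$")
# MBAM file entry: path (detection name) -> action taken.
MBAM_RE = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+\((?P<name>[^)]+)\)\s+->\s+(?P<action>.+?)\s*$")


def _lines(text):
    return (line.translate(ZERO_WIDTH) for line in text.splitlines())


def parse_filefind(text):
    """Return (searched_names, hits); hits are (path, size, md5) tuples."""
    searched, hits = set(), []
    for line in _lines(text):
        if (m := SEARCH_RE.match(line)):
            searched.add(m["name"].lower())
        elif (m := FILEFIND_RE.match(line)):
            hits.append((m["path"], int(m["size"]), m["md5"].upper()))
    return searched, hits


def parse_mbam_files(text):
    """Return (path, detection, action) for each file entry in an MBAM log."""
    return [(m["path"], m["name"], m["action"])
            for m in map(MBAM_RE.match, _lines(text)) if m]


def classify(path):
    """'expected' only for rundll32.exe inside one of EXPECTED_DIRS."""
    folder, name = split(path)
    if name.lower() != SYSTEM_NAME:
        return "different-name"
    return "expected" if normcase(folder) in EXPECTED_DIRS else "unexpected-location"


def triage(filefind_text, mbam_text):
    """Reconcile the two logs into one finding per MBAM file detection."""
    searched, hits = parse_filefind(filefind_text)
    on_disk = {normcase(p): md5 for p, _, md5 in hits}
    live = on_disk.get(normcase(r"C:\WINDOWS\system32\rundll32.exe"))
    cache = on_disk.get(normcase(r"C:\WINDOWS\system32\dllcache\rundll32.exe"))
    findings = []
    for path, detection, action in parse_mbam_files(mbam_text):
        name = split(path)[1].lower()
        findings.append({
            "path": path, "detection": detection, "action": action,
            "class": classify(path),
            # None = filefind never searched for this name, so no evidence.
            "seen_by_filefind":
                (normcase(path) in on_disk) if name in searched else None,
        })
    return {
        "findings": findings,
        "unexpected_on_disk": [p for p, _, _ in hits if classify(p) != "expected"],
        # Equal hashes show the live copy is consistent with the WFP cache,
        # not that either file is authentic.
        "live_matches_cache": live is not None and live == cache,
    }


# Log lines from the thread; <ZW> marks a forum-inserted zero-width space.
SYSTEMLOOK_LOG = r"""
Searching for "rundll32.exe"
C:\WINDOWS\$NtServicePackUnins<ZW>tall$\rundll32.exe -----c 33280 bytes [01:06 11/10/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1<ZW>FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:56 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [22:36 13/12/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [22:36 13/12/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
""".replace("<ZW>", "\u200b")

MBAM_LOG = r"""
Files Infected:
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Not selected for removal.
"""

if __name__ == "__main__":
    report = triage(SYSTEMLOOK_LOG, MBAM_LOG)
    for f in report["findings"]:
        print(f"{f['path']}: {f['detection']}, {f['class']}, "
              f"seen by filefind: {f['seen_by_filefind']}")
    print("unexpected copies on disk:", report["unexpected_on_disk"])
    print("live copy matches WFP cache:", report["live_matches_cache"])
```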

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 15/12/2009 at 05:11:58

Hi Duskin


 Everything looks good; are you still having any problems?


 @++   :)

duskin
On the right track (100 to 499 posts)
Posted on 16/12/2009 at 04:48:17

Hi Dede

 Everything does indeed seem to be going very well

 Thanks again!!! :youpi:

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 17/12/2009 at 04:12:19

Hi Duskin


 Let's clean up the tools downloaded for the disinfection; download Tools Cleaner to the desktop:

 http://pc-system.fr/TC/ToolsCleaner2.exe


 - Double-click ToolsCleaner2.exe on the desktop
 - Click Recherche (Search) and let the scan run.
 - Click Suppression (Removal) to finish.
 - If you wish, you can use the Options facultatives (optional settings).
 - Click Quitter (Quit) to get the report.
 - Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
 - If any tools remain after Tools Cleaner has run, you can delete them manually, along with all the reports that were generated during the disinfection.


 -----


 Here are a few security guidelines:

 - Windows Update fully up to date http://www.windowsupdate.com/ (critical, Service Pack and Service Release categories)
 - a well-configured firewall; I recommend: ZoneAlarm
 - a well-configured antivirus, updated regularly (daily if need be), with a regular full scan (daily if need be).
 - a cautious attitude towards browsing (no dubious sites: cracks, warez, sex...) and towards e-mail (attachments must be scanned before being opened)
 - no illegal downloading, which is the main infection factor (µTorrent, BitTorrent, eMule, Limewire, etc.). The danger of cracks!
 - a vigilant attitude (watch out for unusual behaviour of your system)
 - weekly system cleanup (removal of unneeded files, registry cleanup, scandisk, defrag)
 - weekly antispyware scan (I recommend Malwarebytes' Anti-Malware)
 - a regular check of the Java console to make sure it is up to date http://www.java.com/en/download/help/testvm.xml
 - run a vulnerability scan regularly to check that your software is up to date, with no security holes:
 http://www.malekal.com/scan_vulnerabilite.php


 Some good reading if you want to learn more about security and how Windows works:
 http://www.malekal.com/menu_windows_general.php
 http://www.malekal.com/menu_windows_securite.php


 If you consider your problem solved, edit your first post and add [résolu] (solved) to the title.

 Have a good day/evening and happy surfing    :super:


 @++  :)

duskin
On the right track (100 to 499 messages posted)
Posted on 18/12/2009 at 03:22:18
 
Hi dede

 Everything is indeed resolved, but MBAM still finds a backdoor and a trojan on RUNDLL32 and RUNDLL?

 Should I ignore them?

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 18/12/2009 at 04:20:35
 
Hi Duskin


 Download OTL (by OldTimer) and save it to your Desktop.

 - Close any running applications so as not to interrupt the scan.
 - Double-click OTL.exe to launch the program
 - A window appears. Under Custom Scans (at the bottom), copy/paste this:

 



netsvcs
 %SYSTEMDRIVE%\*.*
 %SYSTEMDRIVE%\*.exe
 %PROGRAMFILES%\*.*
 %PROGRAMFILES%\*.
 /md5start
 eventlog.dll
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iaStor.sys
 nvstor.sys
 atapi.sys
 IdeChnDr.sys
 viasraid.sys
 AGP440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 nvata.sys
 nvgts.sys
 iastorv.sys
 ViPrt.sys
 eNetHook.dll
 explorer.exe
 svchost.exe
 userinit.exe
 qmgr.dll
 ws2_32.dll
 proquota.exe
 imm32.dll
 kernel32.dll
 ndis.sys
 autochk.exe
 spoolsv.exe
 xmlprov.dll
 ntmssvc.dll
 mswsock.dll
 Beep.SYS
 ntfs.sys
 termsrv.dll
 sfcfiles.dll
 st3shark.sys
 /md5stop
 %systemroot%\*. /mp /s
 c:\$recycle.bin\*.* /s




 - Click the Run Scan button.
 - Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so by default on the Desktop).

 - Copy/paste the contents of both files here. Use one message per report.


 See you later   :)

duskin
On the right track (100 to 499 messages posted)
Posted on 23/12/2009 at 02:35:40
 
Hi Dede

 OTL logfile created on: 2009-12-22 19:59:30 - Run 1
 OTL by OldTimer - Version 3.1.19.0     Folder = C:\Documents and Settings\Eric\Desktop
 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18702)
 Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
 
 255,00 Mb Total Physical Memory | 56,00 Mb Available Physical Memory | 22,00% Memory free
 642,00 Mb Paging File | 306,00 Mb Available in Paging File | 48,00% Paging File free
 Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
 Drive C: | 76,69 Gb Total Space | 24,63 Gb Free Space | 32,12% Space Free | Partition Type: NTFS
 D: Drive not present or media not loaded
 E: Drive not present or media not loaded
 F: Drive not present or media not loaded
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: OWNER-K0N3ZT9M2
 Current User Name: Eric
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Company Name Whitelist: Off
 Skip Microsoft Files: Off
 File Age = 30 Days
 Output = Standard
 
 ========== Processes (SafeList) ==========
 
 PRC - [2009-12-22 19:58:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
 PRC - [2009-11-23 22:35:31 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpda​te.exe
 PRC - [2009-08-18 16:12:32 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 PRC - [2009-07-26 22:00:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
 PRC - [2009-07-13 07:36:46 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
 PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
 PRC - [2009-03-02 12:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2008-05-29 11:49:50 | 01,085,440 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWn​d.exe
 PRC - [2008-05-20 13:26:36 | 00,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\B​rccMCtl.exe
 PRC - [2008-04-13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 PRC - [2008-01-31 16:27:04 | 00,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimo​n.exe
 PRC - [2007-12-11 09:56:54 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
 PRC - [2007-10-11 18:03:10 | 00,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd4​0nt.exe
 PRC - [2006-02-21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.e​xe
 PRC - [2005-09-11 11:24:03 | 00,258,048 | ---- | M] (iISoftware) -- C:\Program Files\iISystem Wiper\SystemWiper.exe
 PRC - [2005-06-03 07:16:00 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.ex​e
 PRC - [2005-06-03 05:21:00 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 PRC - [2001-11-13 22:36:24 | 00,094,208 | ---- | M] () -- C:\Program Files\QUICKENW\qagent.exe
 PRC - [2001-02-28 13:42:44 | 00,065,536 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtMngr.ex​e
 
 
 ========== Modules (SafeList) ==========
 
 MOD - [2009-12-22 19:58:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - [2009-11-23 22:35:31 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpda​te.exe -- (gupdate) Service Google Update (gupdate)
 SRV - [2009-08-18 16:12:32 | 00,185,089 | ---- | M] (Avira GmbH) [On_Demand | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2009-07-26 22:00:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
 SRV - [2009-07-13 07:36:46 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2006-04-03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
 SRV - [2006-02-21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.e​xe -- (Ati HotKey Poller)
 SRV - [2005-06-07 01:32:54 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
 SRV - [2005-06-07 01:28:04 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 SRV - [2005-06-07 01:22:34 | 00,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
 SRV - [2005-06-03 05:21:00 | 00,069,632 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
 SRV - [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\​Intel 32\IDriverT.exe -- (IDriverT)
 SRV - [2003-12-03 00:10:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.e​xe -- (ATI Smart)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2009-12-10 18:02:16 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\av​gntflt.sys -- (avgntflt)
 DRV - [2009-07-13 07:36:47 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ss​mdrv.sys -- (ssmdrv)
 DRV - [2009-03-30 09:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\av​ipbb.sys -- (avipbb)
 DRV - [2009-02-13 11:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 DRV - [2008-04-13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ga​meenum.sys -- (gameenum)
 DRV - [2008-04-13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\us​baudio.sys -- (usbaudio) USB Audio Driver (WDM)
 DRV - [2008-04-13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\am​dagp.sys -- (amdagp)
 DRV - [2008-04-13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\si​sagp.sys -- (sisagp)
 DRV - [2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\se​cdrv.sys -- (Secdrv)
 DRV - [2007-07-25 21:53:30 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Px​Help20.sys -- (PxHelp20)
 DRV - [2006-02-21 19:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\at​i2mtag.sys -- (ati2mtag)
 DRV - [2004-08-04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv​4_mini.sys -- (nv)
 DRV - [2004-04-14 10:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Wm​XlCore.sys -- (WmXlCore)
 DRV - [2004-04-14 10:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wm​Filter.sys -- (WmFilter)
 DRV - [2004-04-14 10:08:00 | 00,014,432 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wm​HidLo.sys -- (WmHidLo)
 DRV - [2004-04-14 10:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Wm​BEnum.sys -- (WmBEnum)
 DRV - [2004-04-14 10:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wm​VirHid.sys -- (WmVirHid)
 DRV - [2004-01-03 16:24:27 | 00,002,397 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sy​mlcbrd.sys -- (symlcbrd)
 DRV - [2003-12-03 17:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cd​rbsvsd.sys -- (cdrbsvsd)
 DRV - [2003-05-30 12:42:00 | 00,397,824 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\si​sgrp.sys -- (SiS315)
 DRV - [2003-05-14 18:09:00 | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sr​vkp.sys -- (SiSkp)
 DRV - [2003-04-01 15:51:30 | 00,719,052 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AL​CXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
 DRV - [2002-08-29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pt​ilink.sys -- (Ptilink)
 DRV - [2001-08-23 22:03:54 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation                                                ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT​L8139.sys -- (rtl8139)
 DRV - [2001-08-17 17:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hi​dgame.sys -- (hidgame)
 DRV - [2001-08-17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sp​arrow.sys -- (Sparrow)
 DRV - [2001-08-17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sy​m_u3.sys -- (sym_u3)
 DRV - [2001-08-17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sy​m_hi.sys -- (sym_hi)
 DRV - [2001-08-17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sy​mc8xx.sys -- (symc8xx)
 DRV - [2001-08-17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sy​mc810.sys -- (symc810)
 DRV - [2001-08-17 16:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ms​mpu401.sys -- (ms_mpu401)
 DRV - [2001-08-17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ul​tra.sys -- (ultra)
 DRV - [2001-08-17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql​12160.sys -- (ql12160)
 DRV - [2001-08-17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql​1080.sys -- (ql1080)
 DRV - [2001-08-17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql​1280.sys -- (ql1280)
 DRV - [2001-08-17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\da​c2w2k.sys -- (dac2w2k)
 DRV - [2001-08-17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mr​aid35x.sys -- (mraid35x)
 DRV - [2001-08-17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\as​c.sys -- (asc)
 DRV - [2001-08-17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\as​c3550.sys -- (asc3550)
 DRV - [2001-08-17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\al​iide.sys -- (AliIde)
 DRV - [2001-08-17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cm​dide.sys -- (CmdIde)
 DRV - [2001-08-17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SO​NYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
 DRV - [2001-08-17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\se​rscan.sys -- (StillCam)
 DRV - [2001-02-28 13:42:44 | 00,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Mr​tRate.sys -- (mrtRate)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://www.google.com/
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
 FF - HKLM\software\mozilla\Firefox\​Extensions\\{B255D79A-92C2-436​C-9122-FF97E3D9112F}: C:\Documents and Settings\Eric\Local Settings\Application Data\{B255D79A-92C2-436C-9122-​FF97E3D9112F} [2009-10-20 06:09:21 | 00,000,000 | ---D | M]
 
 [2009-06-19 22:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions
 [2009-06-19 22:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions\mozswi​ng@mozswing.org
 
 O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\et​c\HOSTS
 O1 - Hosts: 127.0.0.1 localhost
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859D​F00B1D6} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - No CLSID value found.
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWn​d.exe (Brother Industries, Ltd.)
 O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\b​rctrcen.exe (Brother Industries, Ltd.)
 O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\Index​Search.exe (Nuance Communications, Inc.)
 O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd4​0nt.exe (Nuance Communications, Inc.)
 O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\​Ereg.exe (Nuance Communications, Inc.)
 O4 - HKLM..\Run: [QAGENT] C:\Program Files\QUICKENW\qagent.exe ()
 O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
 O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.ex​e ()
 O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupda​te.exe (Nuance Communications, Inc.)
 O4 - HKCU..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe (iISoftware)
 O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
 O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.​exe (Adobe Systems Incorporated)
 O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\F​lash\FlashUtil10c.exe (Adobe Systems, Inc.)
 O4 - HKCU..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\S​hockwave 10\PostUpdate.exe ()
 O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
 O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Assistan​t Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.​exe (Motive Communications, Inc.)
 O6 - HKLM\Software\Policies\Microso​ft\Internet Explorer\Restrictions present
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoCDBurning = 0
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDriveTypeAutoRun = 323
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDrives = 0
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDriveAutoRun = 67108863
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: HonorAutoRunSetting = 1
 O7 - HKCU\Software\Policies\Microso​ft\Internet Explorer\Control Panel present
 O7 - HKCU\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDrives = 0
 O7 - HKCU\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDriveAutoRun = 67108863
 O7 - HKCU\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDriveTypeAutoRun = 323
 O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe ()
 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A25​5F085E1} - C:\Program Files\PartyGaming\PartyPoker\R​unApp.exe ()
 O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A25​5F085E1} - C:\Program Files\PartyGaming\PartyPoker\R​unApp.exe ()
 O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-80074​9B94EED} - c:\program files\PartyGaming.net\PartyPok​erNet\RunPF.exe File not found
 O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-80074​9B94EED} - c:\program files\PartyGaming.net\PartyPok​erNet\RunPF.exe File not found
 O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
 O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} http://webscanner.kaspersky.fr [...] nicode.cab (CKAVWebScan Object)
 O16 - DPF: {166B1BCA-3F9C-11CF-8075-44455​3540000} http://download.macromedia.com [...] tor/sw.cab (Shockwave ActiveX Control)
 O16 - DPF: {17492023-C23A-453E-A040-C7C58​0BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
 O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E​1C7116C} http://files.ea.com/downloads/ [...] ARTP8X.cab (EARTPatch8X Class)
 O16 - DPF: {3D3B42C2-11BF-4732-A304-A0138​4B70D68} http://picasaweb.google.com/s/ [...] oader2.cab (UploadListView Class)
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} http://download.bitdefender.co [...] oscan8.cab (BDSCANONLINE Control)
 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11​451AFC5} http://download.eset.com/speci [...] canner.cab (OnlineScanner Control)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805​F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_13)
 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829D​C0B603C} http://fpdownload.macromedia.c [...] rashim.cab (Reg Error: Key error.)
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F​29E09E1} http://acs.pandasoftware.com/a [...] asinst.cab (ActiveScan Installer Class)
 O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDE​FFEDCBA} http://java.sun.com/products/p [...] s-i586.cab (Java Plug-in 1.4.2_05)
 O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_02)
 O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_13)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_13)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} http://download.macromedia.com [...] wflash.cab (Shockwave Flash Object)
 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF​37916A7} http://platformdl.adobe.com/NO [...] 1.6/gp.cab (Reg Error: Key error.)
 O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes​\dajava.cab (Reg Error: Key error.)
 O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes​\xmldso.cab (Reg Error: Key error.)
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.d​ll (ATI Technologies Inc.)
 O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll -  File not found
 O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2​D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2003-05-27 10:56:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - comfile [open] -- "%1" %*
 O35 - exefile [open] -- "%1" %*
 
 NetSvcs: 6to4 -  File not found
 NetSvcs: Ias - C:\WINDOWS\system32\ias [2003-10-27 10:16:23 | 00,000,000 | ---D | M]
 NetSvcs: Iprip -  File not found
 NetSvcs: Irmon -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
 NetSvcs: WmdmPmSp -  File not found
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2009-12-22 19:58:15 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
 [2009-12-16 22:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Recent
 [2009-12-13 17:36:48 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\r​undll32.exe
 [2009-12-13 02:01:10 | 00,000,000 | -HSD | C] -- C:\RECYCLER
 [2009-12-13 01:55:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
 [2009-12-13 01:42:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
 [2009-12-13 01:42:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
 [2009-12-13 01:42:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
 [2009-12-13 01:42:18 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
 [2009-12-13 01:11:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\ifevsb
 [2009-12-03 23:35:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mb​amswissarmy.sys
 [2009-12-03 23:35:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mb​am.sys
 [2009-12-03 23:34:59 | 04,844,296 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup.exe
 [2009-11-23 22:39:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Google
 [2009-11-23 22:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
 [2009-11-23 22:36:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Temp
 [2009-11-23 22:35:39 | 00,000,000 | ---D | C] -- C:\Program Files\Google
 [2009-11-23 22:35:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google
 [2009-08-24 17:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Applicat​ion Data\Adobe
 [2007-01-22 13:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
 [2007-01-22 13:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Applicat​ion Data\Help
 [2006-03-31 17:44:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Applic​ation Data\Microsoft
 [2006-02-07 13:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Applic​ation Data\Symantec
 [2004-10-09 12:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
 [2004-07-12 21:58:13 | 16,706,160 | ---- | C] (Netopsystems AG) -- C:\Program Files\AdbeRdr60_enu_full.exe
 [2003-10-27 10:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
 [2003-10-27 10:17:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Applicat​ion Data\Microsoft
 [1 C:\WINDOWS\System32\dllcache\*​.tmp files -> C:\WINDOWS\System32\dllcache\*​.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 
 [2009-12-22 19:58:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
 [2009-12-22 02:20:16 | 00,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
 [2009-12-21 23:38:44 | 00,000,018 | ---- | M] () -- C:\Documents and Settings\Eric\iidelonb.ini
 [2009-12-19 19:10:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 [2009-12-19 19:09:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
 [2009-12-19 19:09:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
 [2009-12-19 19:08:59 | 26,796,8512 | -HS- | M] () -- C:\hiberfil.sys
 [2009-12-18 21:16:39 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E​0D61DEA3FDF.ini
 [2009-12-14 22:50:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
 [2009-12-14 20:21:42 | 06,553,600 | ---- | M] () -- C:\Documents and Settings\Eric\NTUSER.DAT
 [2009-12-14 20:21:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Eric\ntuser.ini
 [2009-12-13 17:39:47 | 00,001,429 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\SonicSta​ge.lnk
 [2009-12-13 01:50:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
 [2009-12-13 01:41:42 | 03,850,336 | R--- | M] () -- C:\Documents and Settings\Eric\Desktop\ComboFix​.exe
 [2009-12-10 18:02:16 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\av​gntflt.sys
 [2009-12-09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
 [2009-12-08 21:05:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 [2009-12-07 21:27:54 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\et​c\HOSTS
 [2009-12-03 23:35:46 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
 [2009-12-03 23:35:13 | 04,844,296 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup.exe
 [2009-12-03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mb​amswissarmy.sys
 [2009-12-03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mb​am.sys
 [2009-11-23 22:35:53 | 00,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateT​askMachineCore.job
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
 < End of report >

 OTM is frozen. I only have one report.

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 posts)
Posted on 23/12/2009 at 04:31:41
 
Hi Duskin


 Scan this file, iidelonb.ini, here:

 http://www.virustotal.com/fr/


 Click Parcourir (Browse) and copy/paste this:
 C:\Documents and Settings\Eric\iidelonb.ini

 Then click Envoyer le fichier (Send file) and wait for the analysis result.

 If it tells you the file has already been analysed, select the button:
 Reanalyse le fichier maintenant (Reanalyse the file now), wait for the analysis result, and post the full result.

 Post the full result

 Help: http://bibou0007.com/scans-en- [...] l-t190.htm


 -----


 Double-click SystemLook.exe to launch it.

 - Copy the contents of the box below and paste them into the SystemLook text area:

 :dir
 C:\Documents and Settings\Eric\Local Settings\Application Data\ifevsb /s
 C:\WINDOWS\system32\ias /s

 - Click the Look button to start the scan.
 - When it finishes, Notepad opens with the result of the analysis. Copy and paste the report into your next reply.


 @++   :)

duskin
On the right track (100 to 499 posts)
Posted on 26/12/2009 at 14:49:56

Hi Dede / Merry Christmas!!!

 Antivirus Version Dernière mise à jour Résultat
 a-squared 4.5.0.43 2009.12.26 -
 AhnLab-V3 5.0.0.2 2009.12.26 -
 AntiVir 7.9.1.122 2009.12.25 -
 Antiy-AVL 2.0.3.7 2009.12.25 -
 Authentium 5.2.0.5 2009.12.26 -
 Avast 4.8.1351.0 2009.12.26 -
 AVG 8.5.0.430 2009.12.26 -
 BitDefender 7.2 2009.12.26 -
 CAT-QuickHeal 10.00 2009.12.26 -
 ClamAV 0.94.1 2009.12.26 -
 Comodo 3375 2009.12.26 -
 DrWeb 5.0.1.12222 2009.12.26 -
 eSafe 7.0.17.0 2009.12.24 -
 eTrust-Vet 35.1.7198 2009.12.25 -
 F-Prot 4.5.1.85 2009.12.26 -
 F-Secure 9.0.15370.0 2009.12.26 -
 Fortinet 4.0.14.0 2009.12.26 -
 GData 19 2009.12.26 -
 Ikarus T3.1.1.79.0 2009.12.26 -
 Jiangmin 13.0.900 2009.12.26 -
 K7AntiVirus 7.10.931 2009.12.26 -
 Kaspersky 7.0.0.125 2009.12.26 -
 McAfee 5842 2009.12.24 -
 McAfee+Artemis 5842 2009.12.24 -
 McAfee-GW-Edition 6.8.5 2009.12.26 -
 Microsoft 1.5302 2009.12.26 -
 NOD32 4716 2009.12.25 -
 Norman 6.04.03 2009.12.26 -
 nProtect 2009.1.8.0 2009.12.26 -
 Panda 10.0.2.2 2009.12.15 -
 PCTools 7.0.3.5 2009.12.26 -
 Prevx 3.0 2009.12.26 -
 Rising 22.27.05.04 2009.12.26 -
 Sophos 4.49.0 2009.12.25 -
 Sunbelt 3.2.1858.2 2009.12.26 -
 Symantec 1.4.4.12 2009.12.26 -
 TheHacker 6.5.0.3.111 2009.12.25 -
 TrendMicro 9.120.0.1004 2009.12.26 -
 VBA32 3.12.12.0 2009.12.26 -
 ViRobot 2009.12.26.2109 2009.12.26 -
 VirusBuster 5.0.21.0 2009.12.25 -
 Information additionnelle
 File size: 18 bytes
 MD5...: c88162e4f1f3562ab88a9b58aeff50ef
 SHA1..: 835ce013ef726a5c77a258bd2b9dc8a50a40024f
 SHA256: 26b8b3a53e497de1b317edc58b0325681e71070441fcfa022ceec88b86ccc84b
 ssdeep: 3:fo0LBAaXov:fdAZv
 
 PEiD..: -
 PEInfo: -
 RDS...: NSRL Reference Data Set
 -
 pdfid.: -
 trid..: Generic INI configuration (100.0%)
 sigcheck:
 publisher....: n/a
 copyright....: n/a
 product......: n/a
 description..: n/a
 original name: n/a
 internal name: n/a
 file version.: n/a
 comments.....: n/a
 signers......: -
 signing date.: -
 verified.....: Unsigned
 
 SystemLook v1.0 by jpshortstuff (29.08.09)
 Log created at 08:49 on 26/12/2009 by Eric (Administrator - Elevation successful)

 ========== dir ==========

 C:\Documents and Settings\Eric\Local Settings\Application Data\ifevsb - Parameters: "/s "

 ---Files---
 None found.

 No folders found.

 C:\WINDOWS\system32\ias - Parameters: "/s"

 ---Files---
 dnary.mdb --a--- 294912 bytes [15:41 27/05/2003] [12:00 29/08/2002]
 ias.mdb --a--- 233472 bytes [15:56 27/05/2003] [12:00 29/08/2002]

 No folders found.

 -=End Of File=-

duskin
On the right track (100 to 499 messages posted)
  1. Posted on 17/01/2010 at 01:34:20

Hi Dede

 Are you back from the holidays?

duskin
On the right track (100 to 499 messages posted)
  1. Posted on 09/02/2010 at 13:55:02

Hello

 When I run MBAM, it finds a trojan on rundll and a backdoor on rundll32. I already deleted them, but in doing so I no longer had the rundll files, so I could not run anything any more. Dedetraque helped me restore everything, but MBAM still finds these two items and Dedetraque no longer seems to be available. My computer is getting slower and slower and is losing performance. Is this related?

 Thanks in advance for your help.
