[abandon] Demande analyse suite contamination

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[abandon] Demande analyse suite contamination

Messagede floh » 19 Fév 2010, 19:49

Bonjour,

Le PC de mon fils a été contaminé par un trojan : le trojan.fakeav.yz sous protection de Bitdefender Internet Security 2010.
Résultat : plusieurs fenêtres d'une fausse contamination impossibles à fermer et redirection vers un site avec une page ressemblant à un antivirus type Microsoft Security Essential. De plus, une navigation très lente sur le net et une impossibilité d'avoir accès aux sites des différents antivirus et surtout le blocage de la màj de BDIS.
Après une analyse système avec BDIS, j'ai supprimé le trojan et nettoyé également le PC avec Malwarebytes.
Les fenêtres du faux antivirus ont disparu mais il reste encore de nombreux problèmes :
- màj bloquée de BDIS
- impossibilité d'avoir accès aux sites des antivirus en ligne ou redirection vers des sites de médicaments (en anglais) ou d'un antispyware

Il doit encore rester des traces de ce fichu trojan mais je ne sais pas comment m'en débarrasser...

Je vous poste le rapport de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:28, on 19/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Laurent\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: IMVU.lnk = C:\Users\Laurent\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA87EFC2-E60C-42CA-9C7C-5ADD1C2599ED}: NameServer = 84.103.237.146,86.64.145.146
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 8949 bytes

Merci d'avance pour votre aide !
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede floh » 21 Fév 2010, 12:54

Bonjour,
n'ayant toujours pas de nouvelles, je me suis renseignée sur hijackthis

J'ai voulu supprimer les deux lignes :
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u.com

Rien de nouveau. Au contraire, le lien vers le site du faux antivirus avec ouverture de fenêtres (pour info : http://swapthis.com/...) a recommencé.
J'ai relancé une nouvelle analyse système avec BDIS :(

PS : c'est ricouz qui m'a envoyé vers vous pour que vous puissiez m'aider ;-)


Édité: désactivation du lien
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede nickW » 21 Fév 2010, 16:19

Bonjour,

HijackThis n'est plus vraiment utile avec les nuisibles d'aujourd'hui.

Peux-tu suivre les instructions de ce sujet et envoyer les trois rapports demandés?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede floh » 21 Fév 2010, 19:24

Oups pardon pour ma bêtise (je pensais que le lien était désactivé)

Bon voilà le rapport de malwarebytes :
Edit : je précise que je n'ai pas pu désactiver totalement BDIS alors j'ai baissé les protections au maximum

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

21/02/2010 18:42:11
mbam-log-2010-02-21 (18-42-11).txt

Type de recherche: Examen rapide
Eléments examinés: 98081
Temps écoulé: 4 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede floh » 21 Fév 2010, 19:25

Rapport OTL.txt :

OTL logfile created on: 21/02/2010 18:46:01 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Laurent\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 73,17 Gb Free Space | 50,71% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 143,91 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 5,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,91 Gb Total Space | 1,58 Gb Free Space | 82,36% Space Free | Partition Type: FAT

Computer Name: LAURENT
Current User Name: Laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/21 17:21:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Laurent\Desktop\OTL.exe
PRC - [2010/02/15 16:25:55 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2010/02/12 17:40:03 | 001,612,616 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/02/12 17:38:59 | 001,087,864 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/30 11:53:33 | 001,120,704 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/01/30 11:52:20 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2010/01/24 09:38:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/05 17:15:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 15:12:52 | 000,189,488 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/07/30 12:54:34 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/04/11 07:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/13 08:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/09/17 22:55:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/05/06 14:53:34 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008/03/26 14:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 03:24:59 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 03:23:32 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/04/29 16:05:08 | 000,434,176 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2007/01/17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
PRC - [2005/08/11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 17:21:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Laurent\Desktop\OTL.exe
MOD - [2010/02/12 17:18:01 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_net.m32
MOD - [2010/02/12 17:18:00 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_extra.m32
MOD - [2010/02/12 17:17:55 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_nt.m32
MOD - [2010/02/12 17:17:52 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_base.m32
MOD - [2010/02/12 17:17:50 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_fragments.m32
MOD - [2010/02/12 17:17:46 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_registry.m32
MOD - [2010/02/12 17:17:45 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010/02/15 15:58:40 | 000,101,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\oko6.dll -- (okosrv)
SRV - [2010/02/12 17:40:03 | 001,612,616 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/01/30 11:52:20 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/11/22 12:51:07 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/11/22 12:47:11 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/31 15:12:52 | 000,189,488 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/07/30 12:54:34 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/03 16:45:17 | 002,862,428 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/17 22:55:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/15 15:58:40 | 000,032,768 | ---- | M] (CMD Technology, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\oko6.sys -- (oko6)
DRV - [2010/02/12 17:39:23 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/01/30 11:53:16 | 000,058,624 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/12/07 16:45:20 | 000,118,536 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/11/22 13:00:12 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/11/22 12:54:58 | 000,072,200 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\BdfNdisf6.sys -- (BdfNdisf)
DRV - [2009/10/04 22:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/09/27 16:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/26 08:09:33 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/07/31 15:13:03 | 000,139,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/07/24 11:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/05/07 03:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2008/05/06 16:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/06 16:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/03/26 19:35:54 | 002,103,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/21 12:21:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/03/04 23:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/03/04 23:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/04 23:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/11/06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/07/16 10:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007/07/07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/07/03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/13 21:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/02/15 11:25:52 | 000,215,552 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
IE - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000\S-1-5-21-1662634129-1214900079-3192163735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipédia (fr)"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/02/13 14:54:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 14:54:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 09:39:12 | 000,000,000 | ---D | M]

[2008/09/05 18:33:15 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\mozilla\Extensions
[2010/02/18 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\mozilla\Firefox\Profiles\2jl1drq1.default\extensions
[2009/07/30 12:22:35 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\mozilla\Firefox\Profiles\2jl1drq1.default\extensions\battlefieldheroespatcher@ea.com
[2009/06/22 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\mozilla\Firefox\Profiles\2jl1drq1.default\extensions\keyscrambler@qfx.software.corporation
[2010/02/18 21:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/12/27 15:41:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2010/01/23 13:51:06 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/23 13:51:06 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/23 13:51:06 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/04/21 15:46:56 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/01/23 13:51:06 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/23 13:51:06 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/21 12:45:50 | 000,000,765 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000..\Run: [MsgCenterExe] C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1662634129-1214900079-3192163735-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Laurent\AppData\Roaming\IMVUClient\IMVUClient.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laurent\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laurent\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 23:22:16 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{3430f7b2-526d-11dd-a332-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3430f7b2-526d-11dd-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 03:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/02/21 18:03:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/21 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/21 17:59:10 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Laurent\Desktop\OTL.exe
[2010/02/21 17:59:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Laurent\Desktop\erunt-setup.exe
[2010/02/21 17:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/18 15:43:00 | 000,000,000 | ---D | C] -- C:\Users\Laurent\AppData\Roaming\Malwarebytes
[2010/02/18 15:42:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/18 15:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/18 15:42:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/18 15:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/15 16:26:06 | 000,195,584 | ---- | C] (Famatech International Corp.) -- C:\Windows\rdr_1266247563.exe
[2010/02/15 15:58:40 | 000,101,888 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\oko6.dll
[2010/02/15 15:58:40 | 000,032,768 | ---- | C] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\oko6.sys
[2010/02/15 15:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\webserver
[2010/02/13 17:29:54 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2010/02/12 17:09:42 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/12 17:09:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/12 17:09:41 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/12 17:09:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/01/24 09:39:08 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/01/24 09:39:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/01/24 09:39:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/01/24 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/01/24 09:38:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/01/24 09:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/01/24 09:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/01/24 09:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/01/24 09:38:50 | 000,000,000 | ---D | C] -- C:\Users\Laurent\AppData\Roaming\Real
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/21 18:49:20 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2D33DD6F-9677-47DF-A8B8-DBCFB86D1228}.job
[2010/02/21 18:47:10 | 002,359,296 | -HS- | M] () -- C:\Users\Laurent\NTUSER.DAT
[2010/02/21 18:12:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 18:12:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 18:02:47 | 000,000,917 | ---- | M] () -- C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/21 18:02:33 | 000,000,737 | ---- | M] () -- C:\Users\Laurent\Desktop\NTREGOPT.lnk
[2010/02/21 18:02:33 | 000,000,718 | ---- | M] () -- C:\Users\Laurent\Desktop\ERUNT.lnk
[2010/02/21 17:23:12 | 000,130,048 | ---- | M] () -- C:\Users\Laurent\Desktop\procedure contamination.doc
[2010/02/21 17:22:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Laurent\Desktop\erunt-setup.exe
[2010/02/21 17:21:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Laurent\Desktop\OTL.exe
[2010/02/21 12:45:50 | 000,000,765 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/21 12:12:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/21 12:12:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 12:12:33 | 2951,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 20:35:21 | 000,524,288 | -HS- | M] () -- C:\Users\Laurent\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/19 20:35:21 | 000,065,536 | -HS- | M] () -- C:\Users\Laurent\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/19 20:35:10 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010/02/19 20:34:59 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2010/02/19 20:34:58 | 003,528,375 | -H-- | M] () -- C:\Users\Laurent\AppData\Local\IconCache.db
[2010/02/18 20:18:40 | 000,000,584 | ---- | M] () -- C:\Users\Laurent\Documents\cc_20100218_201836.reg
[2010/02/18 16:54:38 | 000,000,025 | ---- | M] () -- C:\Users\Laurent\AppData\Roaming\bdfvconp.ini
[2010/02/18 15:42:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 13:19:21 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/18 13:19:21 | 000,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/02/18 13:19:21 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/18 13:19:21 | 000,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/02/18 13:19:21 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/18 13:08:48 | 000,296,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/18 13:07:18 | 000,004,866 | ---- | M] () -- C:\Users\Laurent\Documents\cc_20100218_130713.reg
[2010/02/15 16:26:08 | 000,195,584 | ---- | M] (Famatech International Corp.) -- C:\Windows\rdr_1266247563.exe
[2010/02/15 15:58:40 | 000,101,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\oko6.dll
[2010/02/15 15:58:40 | 000,032,768 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\oko6.sys
[2010/02/15 15:58:25 | 000,000,001 | ---- | M] () -- C:\Windows\conf21113.dat
[2010/02/15 15:35:50 | 000,032,768 | ---- | M] () -- C:\Users\Laurent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 20:51:11 | 000,001,674 | ---- | M] () -- C:\Users\Laurent\Desktop\CCleaner.lnk
[2010/02/13 17:32:18 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Allods Online.lnk
[2010/02/12 17:39:23 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfm.sys
[2010/02/12 17:39:20 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdhv.sys
[2010/02/05 18:21:44 | 000,022,423 | ---- | M] () -- C:\Users\Laurent\Documents\Composition.docx
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_unmip.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_histprot.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010/01/30 12:35:58 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2010/01/24 20:23:13 | 002,089,643 | ---- | M] () -- C:\Users\Laurent\Documents\TPE.docx
[2010/01/24 09:39:10 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/01/24 09:39:08 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/01/24 09:39:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/01/24 09:39:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/01/24 09:38:53 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/01/23 12:59:28 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 18:02:47 | 000,000,917 | ---- | C] () -- C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/21 18:02:33 | 000,000,737 | ---- | C] () -- C:\Users\Laurent\Desktop\NTREGOPT.lnk
[2010/02/21 18:02:33 | 000,000,718 | ---- | C] () -- C:\Users\Laurent\Desktop\ERUNT.lnk
[2010/02/21 17:59:01 | 000,130,048 | ---- | C] () -- C:\Users\Laurent\Desktop\procedure contamination.doc
[2010/02/18 20:18:39 | 000,000,584 | ---- | C] () -- C:\Users\Laurent\Documents\cc_20100218_201836.reg
[2010/02/18 16:54:38 | 000,000,025 | ---- | C] () -- C:\Users\Laurent\AppData\Roaming\bdfvconp.ini
[2010/02/18 15:42:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 13:07:16 | 000,004,866 | ---- | C] () -- C:\Users\Laurent\Documents\cc_20100218_130713.reg
[2010/02/15 19:07:18 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010/02/15 15:58:25 | 000,000,001 | ---- | C] () -- C:\Windows\conf21113.dat
[2010/02/13 17:32:18 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Allods Online.lnk
[2010/02/05 16:09:43 | 000,022,423 | ---- | C] () -- C:\Users\Laurent\Documents\Composition.docx
[2010/01/31 18:35:31 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ashttpstats.csv
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/01/31 10:05:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/01/24 09:39:10 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/01/23 12:59:28 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009/12/02 17:29:34 | 000,000,008 | ---- | C] () -- C:\Users\Laurent\AppData\Roaming\DofusAppId0_2
[2009/12/02 16:21:50 | 000,000,173 | ---- | C] () -- C:\Users\Laurent\AppData\Roaming\D2Info0
[2009/12/02 16:21:50 | 000,000,008 | ---- | C] () -- C:\Users\Laurent\AppData\Roaming\DofusAppId0_1
[2009/09/26 07:46:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/30 12:54:55 | 000,139,016 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/30 12:54:54 | 000,139,152 | ---- | C] () -- C:\Users\Laurent\AppData\Roaming\PnkBstrK.sys
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008/12/25 19:42:35 | 000,000,680 | ---- | C] () -- C:\Users\Laurent\AppData\Local\d3d9caps.dat
[2008/12/01 17:15:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/07 18:13:53 | 000,032,768 | ---- | C] () -- C:\Users\Laurent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/15 14:06:40 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/07/15 14:06:40 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/03/21 21:27:47 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/21 19:49:26 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/21 19:49:26 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/03/21 12:56:21 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/03/21 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\Acer GameZone Console
[2009/12/02 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\app
[2009/08/27 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\BitDefender
[2010/02/21 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\DNA
[2009/12/06 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\Dofus 2
[2009/12/02 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/12/02 16:21:50 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2008/09/05 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\eSobi
[2009/11/21 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\GetRightToGo
[2009/12/02 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/12/05 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\Laurent\AppData\Roaming\SystemRequirementsLab
[2010/02/19 20:35:09 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/21 18:49:20 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2D33DD6F-9677-47DF-A8B8-DBCFB86D1228}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

<MD5>
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

<MD5>
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

<MD5>
[2009/06/25 15:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

<MD5>
[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_2517c98a\iaStor.sys
[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ef2f01d9\iaStor.sys
[2006/06/13 21:56:40 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\Windows\System32\drivers\iaStor.sys
[2006/06/13 21:56:40 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_d8b4315a\iaStor.sys
[2006/06/13 21:56:40 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_101ee613\iaStor.sys

<MD5>
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

<MD5>
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

<MD5>
[2007/12/08 06:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=6F5BB0B40D251351A913B61BA9D64B3F -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_a5207023\nvrd32.sys
[2008/05/06 16:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) MD5=73F84853274C0F633425B102B4EDD631 -- C:\DRV\RaidV2\NVRD32.SYS
[2008/05/06 16:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) MD5=73F84853274C0F633425B102B4EDD631 -- C:\Windows\System32\drivers\nvrd32.sys
[2008/05/06 16:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) MD5=73F84853274C0F633425B102B4EDD631 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_caf83e5e\nvrd32.sys
[2007/09/11 08:19:20 | 000,123,424 | ---- | M] (NVIDIA Corporation) MD5=F2ABAB0C99237CE4E97478AF2E0438A0 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_8225a48e\nvrd32.sys

<MD5>
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

<MD5>
[2007/12/08 06:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=689A2160B851F8BF88F20728FD2F30BD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_a5207023\nvstor32.sys
[2007/09/11 08:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_4b699c67\nvstor32.sys
[2008/05/06 16:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=A136BA7EB1EEBE4B2469F123F4607518 -- C:\DRV\RaidV2\NVSTOR32.SYS
[2008/05/06 16:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=A136BA7EB1EEBE4B2469F123F4607518 -- C:\Windows\System32\drivers\nvstor32.sys
[2008/05/06 16:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=A136BA7EB1EEBE4B2469F123F4607518 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_caf83e5e\nvstor32.sys
[2007/09/11 08:19:18 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=AFD01721DC3297E6715C5F472DD8BCCD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_8225a48e\nvstor32.sys

<MD5>
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

<systemroot>

<systemroot>
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

<systemroot>
<End>
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede floh » 21 Fév 2010, 19:28

Rapport extra.txt :

OTL Extras logfile created on: 21/02/2010 18:46:01 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Laurent\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 73,17 Gb Free Space | 50,71% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 143,91 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 5,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,91 Gb Total Space | 1,58 Gb Free Space | 82,36% Space Free | Partition Type: FAT

Computer Name: LAURENT
Current User Name: Laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1662634129-1214900079-3192163735-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C3A216-F8A4-4839-A31C-3684FDBAA63C}" = rport=445 | protocol=6 | dir=out | app=system |
"{346D7D4B-5E64-44FF-9CEA-19BAF109E8BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C6DDC84-A659-4EDB-B8DC-8FFF6E63611A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7118278B-4CAA-4BA5-924C-F088CDDE3E40}" = lport=138 | protocol=17 | dir=in | app=system |
"{8461ACBB-2EE0-4AD5-A033-A42F7B77573F}" = rport=137 | protocol=17 | dir=out | app=system |
"{9765398E-48D2-43C4-8CC1-E13C87E53FCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A5274FB8-8069-49A9-B83C-F73981E30DBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ABBD9C1F-25DC-4A40-9208-E5706DB7051A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BCFA7341-571F-4DD0-A455-ED9C2EF175A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9FD94D3-69FE-4C5C-BD1B-E68FB68E0B24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F2B9ABD1-2F07-4C3F-A17A-FA2D957F489A}" = rport=138 | protocol=17 | dir=out | app=system |
"{FBBF2E55-60DA-4D3B-A9BD-E86647811C53}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DFD8E72-E66D-4D51-8D7D-B6F2449B1231}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{168BC3A4-484B-4DA4-BE7D-614B8FC06B2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1DFAD979-CFC1-4B03-A4C7-9A7DD7D85A71}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2840E727-5250-4A25-A142-1EFDB2F7E405}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{289148C6-5BC8-4EF9-8034-B1AA3092F9C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3AF02B29-63CD-47BC-932D-6F32237BD5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{52D3E15C-8A1C-43FC-9D5E-13157F0FCCC3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{57072285-1559-4EA8-9BA9-D616D959450E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{60BC92D8-3B74-4072-A3DD-D6F418EAF6B5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{60DF001D-7C9D-4E12-A03B-E3CD29452B1C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{716BAC46-D6EB-4F84-872D-1D9EE4F2F308}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{9272E7EA-E5B0-4E65-AA03-61B849992A79}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{932C49F1-7C48-4706-AAE5-486699B816F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{99562CEF-A9DD-4D8B-BFB1-B01D02BF43E4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A6440C97-E280-46CB-B651-0B9AC8E16848}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AB91411F-C381-4FB4-8C24-14490A63025A}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{AEDE063B-3257-4D69-9FA3-2598B1FB5FBE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C9E03C8E-FF09-4D1A-8121-994F67A4C18A}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{E94879D2-7A1A-4CE2-90DC-F469FAAB4B7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F75F9BB0-EF06-4C78-A249-995AA6D98F57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F900346-A316-BA88-B83C-2513F1260AD7}" = Reg (DOFUS Audio Subsystem)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}" = Dofus
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76427667-874E-4D08-9BCB-2B5D434639CC}" = Archimede Titanium 2008 AutoProtect_Internet
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E182458E-5796-4736-97A3-3EEC01D1D2D6}" = BitDefender Internet Security 2010
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AstrumNival Allods" = Allods Online 1.0.04.22
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dofus 1.26.0" = Dofus 1.26.0
"Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Dofus
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{76427667-874E-4D08-9BCB-2B5D434639CC}" = Archimede Titanium 2008 AutoProtect_Internet
"InstallShield_{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Reg (DOFUS Audio Subsystem)
"Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online
"SiS163u" = 802.11g Wireless USB 2.0 Adapter
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Installation Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1662634129-1214900079-3192163735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/02/2010 13:11:51 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 05/02/2010 08:18:46 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 06/02/2010 02:15:36 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 12/02/2010 12:02:35 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2010 07:00:20 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2010 09:38:13 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 14/02/2010 07:08:41 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

Error - 14/02/2010 08:33:49 | Computer Name = LAURENT | Source = Application Hang | ID = 1002
Description = Le programme Explorer.EXE version 6.0.6002.18005 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : da8 Heure
de début : 01caad6607e417cb Heure de fin : 7344

Error - 14/02/2010 08:38:09 | Computer Name = LAURENT | Source = Application Hang | ID = 1002
Description = Le programme explorer.exe version 6.0.6002.18005 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 11d4 Heure
de début : 01caad71f5322e3b Heure de fin : 6614

Error - 15/02/2010 06:09:50 | Computer Name = LAURENT | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 18/02/2010 10:36:33 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7000
Description =

Error - 18/02/2010 10:36:33 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7034
Description =

Error - 18/02/2010 10:58:54 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7034
Description =

Error - 18/02/2010 11:53:02 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7000
Description =

Error - 18/02/2010 11:53:02 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7034
Description =

Error - 18/02/2010 14:02:03 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7000
Description =

Error - 18/02/2010 15:14:01 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7000
Description =

Error - 19/02/2010 11:05:30 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7000
Description =

Error - 19/02/2010 11:05:30 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7034
Description =

Error - 21/02/2010 07:14:15 | Computer Name = LAURENT | Source = Service Control Manager | ID = 7000
Description =


<End>
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede nickW » 23 Fév 2010, 01:45

Bonsoir,

Quelques nettoyages, création de nouveaux rapports d'analyse:

Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur".


Étape 1: Gmer
Télécharger le programme exécutable (fichier .exe) depuis la page http://www.gmer.net/#files
Cliquer sur le bouton Download EXE.
Enregistrer le fichier à la racine du disque système (généralement C: ) en notant son nom (qui est aléatoire).


Étape 2: rkill (de Grinler), téléchargement
Remarque importante:
rkill est parfois, à tort, détecté comme nuisible. Si nécessaire, désactiver l'antivirus lors de son téléchargement.

Télécharger rkill depuis l'un des liens ci-dessous:

Lien 1
Lien 2
Lien 3
Lien 4

Enregistrer le fichier sur le Bureau.


Étape 3: HostsXpert (de FunkyToad)
Télécharger HostsXpert.zip depuis la page:
http://www.funkytoad.com/index.php?opti ... 13&Itemid=
(cliquer sur Click Here to download HostsXpert)
Enregistrer le fichier sur le Bureau.
Décompresser la totalité de l'archive HostsXpert.zip (sous XP: clic droit, puis Extraire tout).

Dans l'Explorateur, ouvrir le dossier HostsXpert qui vient d'être créé sur le Bureau.

Faire un clic droit sur HostsXpert.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer le programme.

*- Dans la colonne de gauche, sous "File Handling", vérifier que le premier bouton affiche "Make ReadOnly?", comme ceci:
Image
Si ce premier bouton affiche "Make Writable?", cliquer une fois dessus de façon à ce qu'il affiche "Make ReadOnly?"

*- Dans la colonne de gauche, cliquer sur le bouton "Restore MS Hosts File"
Image
Dans la petite fenêtre intitulée "Confirm", cliquer sur OK

*- Dans la colonne de gauche, cliquer sur le premier bouton de façon à ce qu'il affiche "Make Writable?", comme ceci:
Image

*- Fermer HostsXpert.


Étape 4: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image BitDefender: double clic sur l'icône dans la SysBarre (à coté de l'horloge), dans le menu "Antivirus", dans l'onglet "Résident", décocher la case située devant "Protection en temps réel activée"


Étape 5: rkill (de Grinler), exécution
Faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution.

Si aucun des outils téléchargés depuis les quatre liens ci-dessus ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.


Étape 6: Malwarebytes' Anti-Malware, recherche
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher.
Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats".

Cliquer sur le bouton "Enregistrer le rapport", valider la sauvegarde, puis cliquer sur le bouton "Quitter"


Étape 7: Gmer

Fermer absolument toutes les applications, les connexions et les navigateurs.

Faire un double clic sur le fichier au nom aléatoire téléchargé précédemment.

Attendre quelques instants le chargement du pilote et les premières recherches.

Si l'outil affiche un message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", cliquer sur NO.

Vérifier que toutes les cases de la colonne de droite sont cochées sauf
Sections
les lecteurs autres que C:\
"Show all"

comme ceci:
Image

puis cliquer sur le bouton Scan.

Attendre sans rien faire d'autre (... c'est un peu long...).
Les clés de Registre & fichiers scannés s'affichent en bas de la fenêtre.

Lorsque l'outil a terminé (il n'y a plus de défilement en bas de la fenêtre), cliquer sur le bouton Save ....

Une fenêtre du Bloc-notes va s'ouvrir, contenant le fichier rapport.
Note: Dans le Bloc-notes, vérifier dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sur le Bureau sous le nom gmer-100222.txt.
Fermer la fenêtre Gmer (clic sur OK).


Étape 8: Résultats
Envoyer en réponse:
*- le rapport de rkill (contenu du fichier rkill.log situé dans le dossier SystemDrive\)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier SystemDrive\Users\<tonprofil>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-**-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Gmer (contenu du fichier gmer-100222.txt)<----ce rapport est souvent très long; vérifier qu'il est complet; si nécessaire le découper en plusieurs messages -- en utilisant toujours le bouton Répondre.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede floh » 23 Fév 2010, 13:14

fichier rkill :

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Laurent on 23/02/2010 at 12:25:21.


Processes terminated by Rkill or while it was running:


C:\Windows\system32\rundll32.exe
C:\Users\Laurent\Desktop\rkill.pif


Rkill completed on 23/02/2010 at 12:25:32.


Fichier Malwarebytes :

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

23/02/2010 12:33:03
mbam-log-2010-02-23 (12-33-03).txt

Type de recherche: Examen rapide
Eléments examinés: 97956
Temps écoulé: 5 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede floh » 23 Fév 2010, 13:21

Rapport Gmer :


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 13:02:40
Windows 6.0.6002 Service Pack 2
Running: s10qpb76.exe; Driver: C:\Users\Laurent\AppData\Local\Temp\kgldapob.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7444A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [743FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [743EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [743F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [743EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74428395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [743FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [743EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [743EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [743E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7447CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7441C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [743ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [743E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [743E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [743F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[396] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EA37C2NV\www.wat.tv.\images.bd.ren 0 bytes
File C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EA37C2NV\www.wat.tv.\images.bd.ren\v30.bd.ren 0 bytes
File C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EA37C2NV\www.wat.tv.\images.bd.ren\v30.bd.ren\PlayerWat.swf.bd.ren 0 bytes
File C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EA37C2NV\www.wat.tv.\images.bd.ren\v30.bd.ren\PlayerWat.swf.bd.ren\playerWatCookie.sol.bd.ren 55 bytes
File C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.wat.tv.\settings.sol.bd.ren 81 bytes

---- EOF - GMER 1.0.15 ----
floh
 
Messages: 8
Inscription: 19 Fév 2010, 19:33

Messagede nickW » 24 Fév 2010, 19:02

Bonsoir,

Les rapports d'analyse ne montrent rien de particulier.

Comment se comporte le PC?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 19 invités