anty

Everything posted by anty

  1. OTL Extras logfile created on: 06/01/2010 22:48:34 - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Anthony\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 11,65 Gb Free Space | 23,85% Space Free | Partition Type: NTFS Drive D: | 691,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded Drive F: | 97,65 Gb Total Space | 50,62 Gb Free Space | 51,83% Space Free | Partition Type: NTFS Drive G: | 319,15 Gb Total Space | 178,21 Gb Free Space | 55,84% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANTARES Current User Name: Anthony Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader "3724:UDP" = 3724:UDP:*:Enabled:Blizzard Downloader "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 
445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec tvtv Setup -- (TerraTec Electronic GmbH) "C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema -- (TerraTec Electronic GmbH) "C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe:*:Enabled:TerraTec Auto Update -- File not found "C:\Program Files\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe:*:Enabled:TerraTec ChannelEditor -- (TerraTec Electronic GmbH) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) "F:\Games\Warcraft III\Warcraft III.exe" = F:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "F:\Games\Civilization III\Conquests\Civ3Conquests.exe" = F:\Games\Civilization III\Conquests\Civ3Conquests.exe:*:Disabled:Civ3Conquests -- (© 2001-2003 Atari Inc.) 
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "F:\Programs\E-mule\E-Mule 0.49a\emule.exe" = F:\Programs\E-mule\E-Mule 0.49a\emule.exe:*:Enabled:eMule -- File not found "F:\Games\Cube\bin\cube.exe" = F:\Games\Cube\bin\cube.exe:*:Disabled:cube -- File not found "F:\Games\Star Wars\Jedi Knight 2\GameData\jk2mp.exe" = F:\Games\Star Wars\Jedi Knight 2\GameData\jk2mp.exe:*:Disabled:jk2mp -- File not found "F:\Programs\Limewire\LimeWire.exe" = F:\Programs\Limewire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found "F:\Games\Soldat\Soldat.exe" = F:\Games\Soldat\Soldat.exe:*:Disabled:Soldat -- File not found "C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- (TerraTec Electronic GmbH) "F:\Programs\E-mule\E-Mule 0.49b\emule.exe" = F:\Programs\E-mule\E-Mule 0.49b\emule.exe:*:Enabled:eMule -- File not found "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "F:\Games\Counter-strike\CounterStrike2D.exe" = F:\Games\Counter-strike\CounterStrike2D.exe:*:Disabled:CounterStrike2D -- () "F:\Games\World of Warcraft Trial\WoW-BurningCrusade-frFR-Installer-downloader.exe" = F:\Games\World of Warcraft Trial\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program 
Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema (Auto Update) -- File not found "C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 1a22bc20\Launcher.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 1a22bc20\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found "C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 56986560\Launcher.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 56986560\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found "F:\Games\Warcraft III\War3.exe" = F:\Games\Warcraft III\War3.exe:*:Enabled:Warcraft III -- File not found "F:\Games\Warcraft 3\Warcraft III.exe" = F:\Games\Warcraft 3\Warcraft III.exe:*:Enabled:Warcraft III -- () "C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "F:\Games\Heroes V\bin\H5_Game.exe" = F:\Games\Heroes V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- () "C:\Documents and Settings\Anthony\Local Settings\Temp\{ABF7C273-90C4-4C85-A7CE-06D50D28D3A4}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\{ABF7C273-90C4-4C85-A7CE-06D50D28D3A4}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found "C:\Documents and Settings\Anthony\Local Settings\Temp\{D0F42366-97A9-4972-8ED7-CD1247613660}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\{D0F42366-97A9-4972-8ED7-CD1247613660}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found "C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "F:\Games\Emulator\GB\Game Boy Color\kigb.exe" = F:\Games\Emulator\GB\Game Boy Color\kigb.exe:*:Enabled:kigb -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 17 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger "{BF94147D-68E5-4557-8C88-585028C336AD}" = Watchtower Library 2008 - Français "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests "{FADB55D0-403F-4413-A268-CF0A6F1185C2}" = OpenOffice.org 2.3 "{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer "0E671B295202E381C44C03CB18D0C7F4C010E46D" = Windows Driver Package - TerraTec Cinergy HT PCI (MKII) (05/14/2007 3.1.1.27) "Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo AudioCD MP3 Studio 3" = Ashampoo AudioCD MP3 Studio 3 "AVIConverter" = AVIConverter 2.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B8639A746C17E9D9E2C7F8BFD1E462CB8CD74B0F" = Windows Driver Package - TerraTec (3xHybrid) Media (12/05/2006 1.3.3.5) "CCleaner" = CCleaner (remove only) "Discordi_is1" = Discordi "EPSON Printer and Utilities" = EPSON Logiciel imprimante "EPSON Scanner" = EPSON Scan "ERUNT_is1" = ERUNT 1.1j "Firebird SQL Server F" = Firebird SQL Server - MAGIX Edition "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2 "GameSpy Arcade" = GameSpy Arcade "HijackThis" = HijackThis 2.0.2 "InternetProgram" = InternetProgram "KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full "MAGIX Movies on CD & DVD TV Edition F" = MAGIX Movies on CD & DVD TV Edition 6.0.3.5 (F) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Maniac Mansion Deluxe" = Maniac Mansion Deluxe "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "MSCompPackV1" = Microsoft Compression 
Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0 "POKéGAME32" = POKéMON Simulator 4.5 "Privateer" = Privateer "Quick Zip_is1" = Quick Zip 4.60.019 "RPG Maker 2003" = RPG Maker 2003 "ShockwaveFlash" = Macromedia Flash Player 8 "SpywareBlaster_is1" = SpywareBlaster 4.2 "SpywareGuard_is1" = SpywareGuard v2.2 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Warcraft III" = Warcraft III "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "World of Warcraft" = World of Warcraft "Wow Cartographe" = Wow Cartographe 1.08b "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Sweet Home 3D" = Sweet Home 3D ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23/07/2009 13:12:04 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 23/07/2009 14:11:31 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 23/07/2009 14:13:27 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. 
Error - 23/07/2009 14:26:55 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 25/07/2009 05:48:22 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 25/07/2009 06:16:10 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 25/07/2009 06:38:30 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 25/07/2009 07:21:59 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 25/07/2009 07:40:59 | Computer Name = ANTARES | Source = Application Error | ID = 1000 Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module heroes3.exe, version 1.0.0.0, fault address 0x00150a16. Error - 03/08/2009 12:39:39 | Computer Name = ANTARES | Source = Application Hang | ID = 1002 Description = Hanging application Civ3Conquests.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 04/01/2010 13:27:48 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:50 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. 
Error - 04/01/2010 13:27:51 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:52 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:53 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:55 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:56 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:57 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:27:58 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 04/01/2010 13:28:00 | Computer Name = ANTARES | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. < End of report >
There you go, so thanks in advance for the help, and don't hesitate to ask me for more details.
  2. Malwarebytes log: Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3502 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 06/01/2010 19:13:24 mbam-log-2010-01-06 (19-13-24).txt Type de recherche: Examen rapide Eléments examinés: 110158 Temps écoulé: 2 minute(s), 48 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) OTL logfile created on: 06/01/2010 22:48:34 - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Anthony\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 11,65 Gb Free Space | 23,85% Space Free | Partition Type: NTFS Drive D: | 691,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded Drive F: | 97,65 Gb Total Space | 50,62 Gb Free Space | 51,83% Space Free | Partition Type: NTFS Drive G: |
319,15 Gb Total Space | 178,21 Gb Free Space | 55,84% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANTARES Current User Name: Anthony Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/01/06 18:43:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe PRC - [2009/12/20 12:28:30 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools) -- F:\Programs\Anti-virus\PC Tools Firewall Plus\FirewallGUI.exe PRC - [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools) -- F:\Programs\Anti-virus\PC Tools Firewall Plus\FWService.exe PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/08/18 16:00:45 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/08/14 17:51:45 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/04/21 13:49:06 | 01,409,024 | ---- | M] (NOXON Media GmbH) -- C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe PRC - [2009/03/02 12:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2007/09/10 21:50:28 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin PRC - [2007/09/10 21:50:28 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe PRC - [2007/08/28 00:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006/11/14 10:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\RTHDCPL.exe PRC - [2005/03/07 20:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEE.EXE PRC - [2005/02/17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- F:\Programs\Anti-virus\SpywareGuard\sgmain.exe PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- F:\Programs\Anti-virus\SpywareGuard\sgbhp.exe ========== Modules (SafeList) ========== MOD - [2010/01/06 18:43:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools) [Auto | Running] -- F:\Programs\Anti-virus\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus) SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/08/18 16:00:45 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/08/14 17:51:45 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/14 01:12:35 | 00,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys) SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe 
-- (NMSAccessU) SRV - [2007/08/28 00:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2005/11/17 15:18:52 | 01,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001/08/23 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC) ========== Driver Services (SafeList) ========== DRV - [2009/12/10 18:33:07 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS) DRV - [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent) DRV - [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter) DRV - [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw) DRV - [2009/08/14 17:51:45 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS) DRV - [2009/03/30 09:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 11:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/03/14 15:49:18 | 00,054,016 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate) DRV - [2008/03/14 15:49:12 | 00,026,880 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software) DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/08/28 00:29:00 | 06,811,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007/05/11 16:17:26 | 00,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII) DRV - [2006/12/14 09:44:06 | 00,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006/11/15 07:34:00 | 04,225,920 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2003/08/04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001/08/17 12:17:44 | 00,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com IE - HKU\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr IE - HKU\S-1-5-21-606747145-854245398-839522115-1004\S-1-5-21-606747145-854245398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Armurerie de World of Warcraft" FF - prefs.js..browser.search.suggest.enabled: false FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.7.08.07.28 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 12:28:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 12:28:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/01 10:41:33 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/06/19 17:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Extensions [2010/01/06 18:08:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions [2009/12/11 23:00:56 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2008/06/18 18:15:34 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2008/07/29 18:06:58 | 00,000,000 | ---D | M] (Phoenity Modern) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA} [2008/11/28 22:30:37 | 00,002,811 | ---- | M] () -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\searchplugins\armurerie-de-world-of-warcraft.xml [2010/01/06 
18:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/06/14 17:02:35 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2009/06/14 17:02:35 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/06/14 17:02:35 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2009/06/14 17:02:35 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2009/06/14 17:02:35 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: (371233 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programs\Anti-virus\SpywareGuard\dlprotect.dll () O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-606747145-854245398-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [00PCTFW] F:\Programs\Anti-virus\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_CD_DVD_6_TV_Edition\Trayserver.exe (MAGIX AG) O4 - HKU\S-1-5-21-606747145-854245398-839522115-1004..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (NOXON Media GmbH) O4 - HKU\S-1-5-21-606747145-854245398-839522115-1004..\Run: [utopia Angel] C:\Utopia\Angel\Angel.exe File not found O4 - Startup: C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\SpywareGuard.lnk = F:\Programs\Anti-virus\SpywareGuard\sgmain.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-606747145-854245398-839522115-1004\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\DOCUME~1\Anthony\LOCALS~1\Temp\4743ymg.dll) - C:\DOCUME~1\Anthony\LOCALS~1\Temp\4743ymg.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:\Programs\Anti-virus\SpywareGuard\spywareguard.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/02 19:25:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/02 19:11:05 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - 
C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2010/01/06 18:52:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/01/06 18:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/01/06 18:45:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Anthony\Desktop\erunt-setup.exe [2010/01/06 18:42:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe [2010/01/06 18:34:10 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Anthony\Desktop\HiJackThis.exe [2009/12/31 22:19:45 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL [2009/12/31 16:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\Malwarebytes [2009/12/31 16:50:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/31 16:50:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/31 16:50:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/30 23:24:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/12/30 23:13:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Anthony\Recent [2009/12/30 22:50:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\PCToolsFirewallPlus [2009/12/30 19:48:38 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys [2009/12/30 19:48:38 | 00,056,512 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys [2009/12/30 19:48:38 | 00,032,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys [2009/12/30 19:48:35 | 00,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys [2009/12/30 19:45:53 | 
00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2009/12/30 19:45:47 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009/12/30 19:45:47 | 00,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2009/12/30 19:45:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2009/12/30 19:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2007/12/02 19:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2007/12/02 19:25:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2007/12/02 19:25:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/06 22:49:51 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\Anthony\ntuser.dat [2010/01/06 18:50:33 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/01/06 18:50:29 | 00,001,887 | ---- | M] () -- C:\Documents and Settings\Anthony\Application Data\QuickZip45.ini [2010/01/06 18:48:54 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\NTREGOPT.lnk [2010/01/06 18:48:54 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\ERUNT.lnk [2010/01/06 18:45:41 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\erunt-loc_fr.zip [2010/01/06 18:45:30 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Anthony\Desktop\erunt-setup.exe [2010/01/06 18:43:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe [2010/01/06 
18:34:13 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Anthony\Desktop\HiJackThis.exe [2010/01/06 17:57:29 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/06 17:57:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/06 17:57:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/06 17:57:23 | 00,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/01/04 20:09:53 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/04 18:33:49 | 00,030,848 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/01/04 17:49:46 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\SpywareGuard.lnk [2009/12/31 21:57:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\housecall.guid.cache [2009/12/31 17:22:54 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/12/30 23:32:50 | 00,371,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/28 22:51:25 | 01,574,934 | -H-- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\IconCache.db [2009/12/11 18:26:25 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/11 18:26:25 | 00,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/11 18:26:25 | 00,067,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/10 22:55:00 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/12/10 18:33:07 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [6 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/06 18:50:33 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/01/06 18:48:54 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\NTREGOPT.lnk [2010/01/06 18:48:54 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\ERUNT.lnk [2010/01/06 18:45:39 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\erunt-loc_fr.zip [2010/01/04 17:49:46 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\SpywareGuard.lnk [2009/12/31 21:57:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\housecall.guid.cache [2009/12/30 19:48:38 | 00,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat [2009/12/30 19:48:38 | 00,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat [2009/12/30 19:48:35 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat [2009/12/30 19:45:53 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat [2009/12/30 19:45:47 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat [2009/12/30 19:45:47 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2008/09/11 22:00:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\AVSDVDPlayer.m3u [2008/07/29 17:12:21 | 00,000,407 | ---- | C] () -- C:\WINDOWS\horinfgl.ini [2008/06/28 12:48:48 | 00,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI [2008/06/18 18:47:44 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini [2008/05/24 20:10:57 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\fusioncache.dat [2008/05/17 
17:49:48 | 00,001,887 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\QuickZip45.ini [2008/05/06 20:13:56 | 00,000,058 | ---- | C] () -- C:\WINDOWS\INTER.INI [2008/03/28 19:35:48 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008/01/10 19:29:49 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2008/01/01 18:00:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008/01/01 18:00:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008/01/01 18:00:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008/01/01 17:59:04 | 00,000,039 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2007/12/05 14:47:56 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2007/12/05 14:47:54 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/12/05 14:47:54 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007/12/05 14:47:54 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007/12/05 14:47:53 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/12/05 14:47:53 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007/12/04 17:29:12 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007/12/04 16:51:05 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2007/12/04 16:50:32 | 00,006,651 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2007/12/03 18:32:46 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/12/03 13:43:31 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html [2007/12/03 10:43:37 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007/12/02 21:33:20 | 00,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe [2007/08/28 00:29:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/08/28 00:29:00 | 
01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/08/28 00:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/08/28 00:29:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/08/28 00:29:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < 
MD5 for: NETLOGON.DLL > [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11802631 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
  3. Problem history: My antivirus (AntiVir) keeps reporting that it has quarantined a trojan. This has been happening since I downloaded an addon for the game World of Warcraft. Since then, my account has been hacked and I am regularly hit by the trojan TR/Agent.28160.AC, which does not seem possible to remove with AntiVir or Malwarebytes. Please help. Let's start with this:
Avira AntiVir Personal Date de création du fichier de rapport : mercredi 6 janvier 2010 18:24 La recherche porte sur 1501318 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : ANTARES Informations de version : BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/2009 15:44:17 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 15:44:17 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:32:38 VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 17:32:38 VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 17:32:39 VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 17:32:39 VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 17:32:39 VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 17:32:39 VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 17:32:39 VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 17:32:39 VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 17:32:39 VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 17:32:39 VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 17:32:39 VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 17:32:39 VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 17:32:24 VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 17:32:38 VBASE015.VDF : 7.10.1.178 195584 Bytes
07/12/2009 17:32:45 VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 17:32:57 VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 17:32:58 VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 17:33:41 VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 19:03:14 VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 17:07:35 VBASE021.VDF : 7.10.2.94 2048 Bytes 29/12/2009 17:07:36 VBASE022.VDF : 7.10.2.95 2048 Bytes 29/12/2009 17:07:36 VBASE023.VDF : 7.10.2.96 2048 Bytes 29/12/2009 17:07:36 VBASE024.VDF : 7.10.2.97 2048 Bytes 29/12/2009 17:07:36 VBASE025.VDF : 7.10.2.98 2048 Bytes 29/12/2009 17:07:36 VBASE026.VDF : 7.10.2.99 2048 Bytes 29/12/2009 17:07:36 VBASE027.VDF : 7.10.2.100 2048 Bytes 29/12/2009 17:07:36 VBASE028.VDF : 7.10.2.101 2048 Bytes 29/12/2009 17:07:36 VBASE029.VDF : 7.10.2.102 2048 Bytes 29/12/2009 17:07:36 VBASE030.VDF : 7.10.2.103 2048 Bytes 29/12/2009 17:07:36 VBASE031.VDF : 7.10.2.126 197120 Bytes 05/01/2010 16:59:33 Version du moteur : 8.2.1.130 AEVDF.DLL : 8.1.1.2 106867 Bytes 21/09/2009 15:48:44 AESCRIPT.DLL : 8.1.3.7 594296 Bytes 06/01/2010 16:59:48 AESCN.DLL : 8.1.3.0 127348 Bytes 10/12/2009 17:32:52 AESBX.DLL : 8.1.1.1 246132 Bytes 19/11/2009 15:44:17 AERDL.DLL : 8.1.3.4 479605 Bytes 01/12/2009 17:32:59 AEPACK.DLL : 8.2.0.4 422263 Bytes 06/01/2010 16:59:46 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 14/08/2009 16:51:45 AEHEUR.DLL : 8.1.0.192 2195833 Bytes 06/01/2010 16:59:44 AEHELP.DLL : 8.1.9.0 237943 Bytes 16/12/2009 17:33:07 AEGEN.DLL : 8.1.1.83 369014 Bytes 06/01/2010 16:59:35 AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 18:37:31 AECORE.DLL : 8.1.9.1 180598 Bytes 10/12/2009 17:32:51 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 17:56:08 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 14/08/2009 16:51:45 RCTEXT.DLL : 9.0.73.0 88321 Bytes 19/11/2009 15:44:16 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: supprimer Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, F:, G:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR, Début de la recherche : mercredi 6 janvier 2010 18:24 La recherche d'objets cachés commence. '40991' objets ont été contrôlés, '0' objets cachés ont été trouvés. 

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mbam.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FWService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NMSAccessU.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sgbhp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sgmain.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TTTvRc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FirewallGUI.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'issch.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'E_FATIAEE.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'39' processus ont été contrôlés avec '39' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
    [INFO] Aucun virus trouvé !
Secteur d'amorçage 'G:\'
    [INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '58' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <OS>
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE] Ce fichier est un fichier système Windows.
    [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100106-181324-D1EB5A08\ARK3.tmp
    [RESULTAT] Contient le cheval de Troie TR/Agent.28160.AC
    [REMARQUE] Une copie de sécurité a été créée sous le nom 4b8fc7bc.qua ( QUARANTAINE )
    [AVERTISSEMENT] Impossible de supprimer le fichier !
    [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
    [REMARQUE] Fichier supprimé.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100106-182402-5A04A4C3\ARK9.tmp
    [RESULTAT] Contient le cheval de Troie TR/Agent.28160.AC
    [REMARQUE] Une copie de sécurité a été créée sous le nom 4a1a312d.qua ( QUARANTAINE )
    [AVERTISSEMENT] Impossible de supprimer le fichier !
    [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
    [REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{45261386-A7E5-498B-A9FA-D3C13C5D9670}\RP485\A0095869.exe
    [0] Type d'archive: RAR SFX (self extracting)
    --> addons.exe
        [RESULTAT] Contient le cheval de Troie TR/Agent.28160.AC
        [REMARQUE] Une copie de sécurité a été créée sous le nom 4b74c9d4.qua ( QUARANTAINE )
        [REMARQUE] Fichier supprimé.
Recherche débutant dans 'F:\' <USER>
Recherche débutant dans 'G:\' <OTHER>

Fin de la recherche : mercredi 6 janvier 2010 19:03
Temps nécessaire: 39:38 Minute(s)

La recherche a été effectuée intégralement

8116 Les répertoires ont été contrôlés
506009 Des fichiers ont été contrôlés
3 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
3 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
3 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
506005 Fichiers non infectés
3064 Les archives ont été contrôlées
3 Avertissements
4 Consignes
40991 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés