analyse de log svp

[anty]

Historique du problème:

 

Mon antivirus (antivir) n'arrète pas de me signalé la mise en quarantaine d'un trojan.

 

Cela se passe depuis que j'ai téléchargé un addon pour le jeu World of Worcraft. Depuis, mon compte s'est fait hacké et je suis régulièrement assailli par le cheval de Troie TR/Agent.28160.AC qu'il ne semble pas possible d'éliminer par antivir ou malwarebytes.

 

A l'aide svp

 

Commençons par ceci:

 

Avira AntiVir Personal

Date de création du fichier de rapport : mercredi 6 janvier 2010 18:24

 

La recherche porte sur 1501318 souches de virus.

 

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus

Numéro de série : 0000149996-ADJIE-0000001

Plateforme : Windows XP

Version de Windows : (Service Pack 3) [5.1.2600]

Mode Boot : Démarré normalement

Identifiant : SYSTEM

Nom de l'ordinateur : ANTARES

 

Informations de version :

BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/2009 15:44:17

AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11

LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 15:44:17

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:32:38

VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 17:32:38

VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 17:32:39

VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 17:32:39

VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 17:32:39

VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 17:32:39

VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 17:32:39

VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 17:32:39

VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 17:32:39

VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 17:32:39

VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 17:32:39

VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 17:32:39

VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 17:32:24

VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 17:32:38

VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 17:32:45

VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 17:32:57

VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 17:32:58

VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 17:33:41

VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 19:03:14

VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 17:07:35

VBASE021.VDF : 7.10.2.94 2048 Bytes 29/12/2009 17:07:36

VBASE022.VDF : 7.10.2.95 2048 Bytes 29/12/2009 17:07:36

VBASE023.VDF : 7.10.2.96 2048 Bytes 29/12/2009 17:07:36

VBASE024.VDF : 7.10.2.97 2048 Bytes 29/12/2009 17:07:36

VBASE025.VDF : 7.10.2.98 2048 Bytes 29/12/2009 17:07:36

VBASE026.VDF : 7.10.2.99 2048 Bytes 29/12/2009 17:07:36

VBASE027.VDF : 7.10.2.100 2048 Bytes 29/12/2009 17:07:36

VBASE028.VDF : 7.10.2.101 2048 Bytes 29/12/2009 17:07:36

VBASE029.VDF : 7.10.2.102 2048 Bytes 29/12/2009 17:07:36

VBASE030.VDF : 7.10.2.103 2048 Bytes 29/12/2009 17:07:36

VBASE031.VDF : 7.10.2.126 197120 Bytes 05/01/2010 16:59:33

Version du moteur : 8.2.1.130

AEVDF.DLL : 8.1.1.2 106867 Bytes 21/09/2009 15:48:44

AESCRIPT.DLL : 8.1.3.7 594296 Bytes 06/01/2010 16:59:48

AESCN.DLL : 8.1.3.0 127348 Bytes 10/12/2009 17:32:52

AESBX.DLL : 8.1.1.1 246132 Bytes 19/11/2009 15:44:17

AERDL.DLL : 8.1.3.4 479605 Bytes 01/12/2009 17:32:59

AEPACK.DLL : 8.2.0.4 422263 Bytes 06/01/2010 16:59:46

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 14/08/2009 16:51:45

AEHEUR.DLL : 8.1.0.192 2195833 Bytes 06/01/2010 16:59:44

AEHELP.DLL : 8.1.9.0 237943 Bytes 16/12/2009 17:33:07

AEGEN.DLL : 8.1.1.83 369014 Bytes 06/01/2010 16:59:35

AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 18:37:31

AECORE.DLL : 8.1.9.1 180598 Bytes 10/12/2009 17:32:51

AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30

AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 17:56:08

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57

NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 14/08/2009 16:51:45

RCTEXT.DLL : 9.0.73.0 88321 Bytes 19/11/2009 15:44:16

 

Configuration pour la recherche actuelle :

Nom de la tâche...............................: Contrôle intégral du système

Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp

Documentation.................................: bas

Action principale.............................: supprimer

Action secondaire.............................: ignorer

Recherche sur les secteurs d'amorçage maître..: marche

Recherche sur les secteurs d'amorçage.........: marche

Secteurs d'amorçage...........................: C:, F:, G:,

Recherche dans les programmes actifs..........: marche

Recherche en cours sur l'enregistrement.......: marche

Recherche de Rootkits.........................: marche

Contrôle d'intégrité de fichiers système......: arrêt

Fichier mode de recherche.....................: Tous les fichiers

Recherche sur les archives....................: marche

Limiter la profondeur de récursivité..........: 20

Archive Smart Extensions......................: marche

Heuristique de macrovirus.....................: marche

Heuristique fichier...........................: moyen

Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Début de la recherche : mercredi 6 janvier 2010 18:24

 

La recherche d'objets cachés commence.

'40991' objets ont été contrôlés, '0' objets cachés ont été trouvés.

 

La recherche sur les processus démarrés commence :

Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés

Processus de recherche 'mbam.exe' - '1' module(s) sont contrôlés

Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'FWService.exe' - '1' module(s) sont contrôlés

Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés

Processus de recherche 'NMSAccessU.exe' - '1' module(s) sont contrôlés

Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés

Processus de recherche 'sgbhp.exe' - '1' module(s) sont contrôlés

Processus de recherche 'sgmain.exe' - '1' module(s) sont contrôlés

Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés

Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés

Processus de recherche 'TTTvRc.exe' - '1' module(s) sont contrôlés

Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés

Processus de recherche 'FirewallGUI.exe' - '1' module(s) sont contrôlés

Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés

Processus de recherche 'issch.exe' - '1' module(s) sont contrôlés

Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés

Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés

Processus de recherche 'E_FATIAEE.EXE' - '1' module(s) sont contrôlés

Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés

Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés

Processus de recherche 'services.exe' - '1' module(s) sont contrôlés

Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés

Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés

Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés

'39' processus ont été contrôlés avec '39' modules

 

La recherche sur les secteurs d'amorçage maître commence :

Secteur d'amorçage maître HD0

[iNFO] Aucun virus trouvé !

 

La recherche sur les secteurs d'amorçage commence :

Secteur d'amorçage 'C:\'

[iNFO] Aucun virus trouvé !

Secteur d'amorçage 'F:\'

[iNFO] Aucun virus trouvé !

Secteur d'amorçage 'G:\'

[iNFO] Aucun virus trouvé !

 

La recherche sur les renvois aux fichiers exécutables (registre) commence :

Le registre a été contrôlé ( '58' fichiers).

 

 

La recherche sur les fichiers sélectionnés commence :

 

Recherche débutant dans 'C:\' <OS>

C:\pagefile.sys

[AVERTISSEMENT] Impossible d'ouvrir le fichier !

[REMARQUE] Ce fichier est un fichier système Windows.

[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100106-181324-D1EB5A08\ARK3.tmp

[RESULTAT] Contient le cheval de Troie TR/Agent.28160.AC

[REMARQUE] Une copie de sécurité a été créée sous le nom 4b8fc7bc.qua ( QUARANTAINE )

[AVERTISSEMENT] Impossible de supprimer le fichier !

[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.

[REMARQUE] Fichier supprimé.

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100106-182402-5A04A4C3\ARK9.tmp

[RESULTAT] Contient le cheval de Troie TR/Agent.28160.AC

[REMARQUE] Une copie de sécurité a été créée sous le nom 4a1a312d.qua ( QUARANTAINE )

[AVERTISSEMENT] Impossible de supprimer le fichier !

[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.

[REMARQUE] Fichier supprimé.

C:\System Volume Information\_restore{45261386-A7E5-498B-A9FA-D3C13C5D9670}\RP485\A0095869.exe

[0] Type d'archive: RAR SFX (self extracting)

--> addons.exe

[RESULTAT] Contient le cheval de Troie TR/Agent.28160.AC

[REMARQUE] Une copie de sécurité a été créée sous le nom 4b74c9d4.qua ( QUARANTAINE )

[REMARQUE] Fichier supprimé.

Recherche débutant dans 'F:\' <USER>

Recherche débutant dans 'G:\' <OTHER>

 

 

Fin de la recherche : mercredi 6 janvier 2010 19:03

Temps nécessaire: 39:38 Minute(s)

 

La recherche a été effectuée intégralement

 

8116 Les répertoires ont été contrôlés

506009 Des fichiers ont été contrôlés

3 Des virus ou programmes indésirables ont été trouvés

0 Des fichiers ont été classés comme suspects

3 Des fichiers ont été supprimés

0 Des virus ou programmes indésirables ont été réparés

3 Les fichiers ont été déplacés dans la quarantaine

0 Les fichiers ont été renommés

1 Impossible de contrôler des fichiers

506005 Fichiers non infectés

3064 Les archives ont été contrôlées

3 Avertissements

4 Consignes

40991 Des objets ont été contrôlés lors du Rootkitscan

0 Des objets cachés ont été trouvés

[anty]

Log de Malwarebytes:

 

Malwarebytes' Anti-Malware 1.43

Version de la base de données: 3502

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

06/01/2010 19:13:24

mbam-log-2010-01-06 (19-13-24).txt

 

Type de recherche: Examen rapide

Eléments examinés: 110158

Temps écoulé: 2 minute(s), 48 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

OTL logfile created on: 06/01/2010 22:48:34 - Run 1

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Anthony\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 11,65 Gb Free Space | 23,85% Space Free | Partition Type: NTFS

Drive D: | 691,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 97,65 Gb Total Space | 50,62 Gb Free Space | 51,83% Space Free | Partition Type: NTFS

Drive G: | 319,15 Gb Total Space | 178,21 Gb Free Space | 55,84% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ANTARES

Current User Name: Anthony

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/01/06 18:43:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

PRC - [2009/12/20 12:28:30 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools) -- F:\Programs\Anti-virus\PC Tools Firewall Plus\FirewallGUI.exe

PRC - [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools) -- F:\Programs\Anti-virus\PC Tools Firewall Plus\FWService.exe

PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/08/18 16:00:45 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/08/14 17:51:45 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/04/21 13:49:06 | 01,409,024 | ---- | M] (NOXON Media GmbH) -- C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe

PRC - [2009/03/02 12:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2007/09/10 21:50:28 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin

PRC - [2007/09/10 21:50:28 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

PRC - [2007/08/28 00:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2006/11/14 10:21:00 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2005/03/07 20:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEE.EXE

PRC - [2005/02/17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- F:\Programs\Anti-virus\SpywareGuard\sgmain.exe

PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- F:\Programs\Anti-virus\SpywareGuard\sgbhp.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/01/06 18:43:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools) [Auto | Running] -- F:\Programs\Anti-virus\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/08/18 16:00:45 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/08/14 17:51:45 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/04/14 01:12:35 | 00,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys)

SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2007/08/28 00:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2005/11/17 15:18:52 | 01,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2001/08/23 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2009/12/10 18:33:07 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)

DRV - [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)

DRV - [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)

DRV - [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)

DRV - [2009/08/14 17:51:45 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS)

DRV - [2009/03/30 09:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 11:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/03/14 15:49:18 | 00,054,016 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)

DRV - [2008/03/14 15:49:12 | 00,026,880 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)

DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2007/08/28 00:29:00 | 06,811,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/05/11 16:17:26 | 00,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII)

DRV - [2006/12/14 09:44:06 | 00,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/11/15 07:34:00 | 04,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2003/08/04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)

DRV - [2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 12:17:44 | 00,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

IE - HKU\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

IE - HKU\S-1-5-21-606747145-854245398-839522115-1004\S-1-5-21-606747145-854245398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Armurerie de World of Warcraft"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.7.08.07.28

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 12:28:37 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 12:28:37 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/01 10:41:33 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2008/06/19 17:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Extensions

[2010/01/06 18:08:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions

[2009/12/11 23:00:56 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2008/06/18 18:15:34 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)

[2008/07/29 18:06:58 | 00,000,000 | ---D | M] (Phoenity Modern) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}

[2008/11/28 22:30:37 | 00,002,811 | ---- | M] () -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\nixq37fg.default\searchplugins\armurerie-de-world-of-warcraft.xml

[2010/01/06 18:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/06/14 17:02:35 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2009/06/14 17:02:35 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2009/06/14 17:02:35 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml

[2009/06/14 17:02:35 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2009/06/14 17:02:35 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: (371233 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 12798 more lines...

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programs\Anti-virus\SpywareGuard\dlprotect.dll ()

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-606747145-854245398-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [00PCTFW] F:\Programs\Anti-virus\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_CD_DVD_6_TV_Edition\Trayserver.exe (MAGIX AG)

O4 - HKU\S-1-5-21-606747145-854245398-839522115-1004..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (NOXON Media GmbH)

O4 - HKU\S-1-5-21-606747145-854245398-839522115-1004..\Run: [utopia Angel] C:\Utopia\Angel\Angel.exe File not found

O4 - Startup: C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\SpywareGuard.lnk = F:\Programs\Anti-virus\SpywareGuard\sgmain.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-606747145-854245398-839522115-1004\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\DOCUME~1\Anthony\LOCALS~1\Temp\4743ymg.dll) - C:\DOCUME~1\Anthony\LOCALS~1\Temp\4743ymg.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:\Programs\Anti-virus\SpywareGuard\spywareguard.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/12/02 19:25:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/02 19:11:05 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/01/06 18:52:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/01/06 18:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/01/06 18:45:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Anthony\Desktop\erunt-setup.exe

[2010/01/06 18:42:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

[2010/01/06 18:34:10 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Anthony\Desktop\HiJackThis.exe

[2009/12/31 22:19:45 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL

[2009/12/31 16:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\Malwarebytes

[2009/12/31 16:50:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/31 16:50:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/12/31 16:50:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/30 23:24:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/12/30 23:13:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Anthony\Recent

[2009/12/30 22:50:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\PCToolsFirewallPlus

[2009/12/30 19:48:38 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys

[2009/12/30 19:48:38 | 00,056,512 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys

[2009/12/30 19:48:38 | 00,032,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys

[2009/12/30 19:48:35 | 00,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys

[2009/12/30 19:45:53 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[2009/12/30 19:45:47 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2009/12/30 19:45:47 | 00,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2009/12/30 19:45:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2009/12/30 19:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2007/12/02 19:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2007/12/02 19:25:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2007/12/02 19:25:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/01/06 22:49:51 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\Anthony\ntuser.dat

[2010/01/06 18:50:33 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/01/06 18:50:29 | 00,001,887 | ---- | M] () -- C:\Documents and Settings\Anthony\Application Data\QuickZip45.ini

[2010/01/06 18:48:54 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\NTREGOPT.lnk

[2010/01/06 18:48:54 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\ERUNT.lnk

[2010/01/06 18:45:41 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\erunt-loc_fr.zip

[2010/01/06 18:45:30 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Anthony\Desktop\erunt-setup.exe

[2010/01/06 18:43:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

[2010/01/06 18:34:13 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Anthony\Desktop\HiJackThis.exe

[2010/01/06 17:57:29 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/06 17:57:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/06 17:57:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/06 17:57:23 | 00,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/01/04 20:09:53 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/04 18:33:49 | 00,030,848 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/01/04 17:49:46 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\SpywareGuard.lnk

[2009/12/31 21:57:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\housecall.guid.cache

[2009/12/31 17:22:54 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/12/30 23:32:50 | 00,371,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/28 22:51:25 | 01,574,934 | -H-- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\IconCache.db

[2009/12/11 18:26:25 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/11 18:26:25 | 00,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/11 18:26:25 | 00,067,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/10 22:55:00 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/10 18:33:07 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/01/06 18:50:33 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/01/06 18:48:54 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\NTREGOPT.lnk

[2010/01/06 18:48:54 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\ERUNT.lnk

[2010/01/06 18:45:39 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\erunt-loc_fr.zip

[2010/01/04 17:49:46 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Anthony\Start Menu\Programs\Startup\SpywareGuard.lnk

[2009/12/31 21:57:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\housecall.guid.cache

[2009/12/30 19:48:38 | 00,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat

[2009/12/30 19:48:38 | 00,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat

[2009/12/30 19:48:35 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat

[2009/12/30 19:45:53 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat

[2009/12/30 19:45:47 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat

[2009/12/30 19:45:47 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat

[2008/09/11 22:00:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\AVSDVDPlayer.m3u

[2008/07/29 17:12:21 | 00,000,407 | ---- | C] () -- C:\WINDOWS\horinfgl.ini

[2008/06/28 12:48:48 | 00,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI

[2008/06/18 18:47:44 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini

[2008/05/24 20:10:57 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\fusioncache.dat

[2008/05/17 17:49:48 | 00,001,887 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\QuickZip45.ini

[2008/05/06 20:13:56 | 00,000,058 | ---- | C] () -- C:\WINDOWS\INTER.INI

[2008/03/28 19:35:48 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2008/01/10 19:29:49 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI

[2008/01/01 18:00:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008/01/01 18:00:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008/01/01 18:00:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008/01/01 17:59:04 | 00,000,039 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2007/12/05 14:47:56 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2007/12/05 14:47:54 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/12/05 14:47:54 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007/12/05 14:47:54 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007/12/05 14:47:53 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007/12/05 14:47:53 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/12/04 17:29:12 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/12/04 16:51:05 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2007/12/04 16:50:32 | 00,006,651 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2007/12/03 18:32:46 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/03 13:43:31 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

[2007/12/03 10:43:37 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/12/02 21:33:20 | 00,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe

[2007/08/28 00:29:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/08/28 00:29:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/08/28 00:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/08/28 00:29:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/08/28 00:29:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11802631

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

[anty]

OTL Extras logfile created on: 06/01/2010 22:48:34 - Run 1

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Anthony\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 11,65 Gb Free Space | 23,85% Space Free | Partition Type: NTFS

Drive D: | 691,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 97,65 Gb Total Space | 50,62 Gb Free Space | 51,83% Space Free | Partition Type: NTFS

Drive G: | 319,15 Gb Total Space | 178,21 Gb Free Space | 55,84% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ANTARES

Current User Name: Anthony

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader

"3724:UDP" = 3724:UDP:*:Enabled:Blizzard Downloader

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec tvtv Setup -- (TerraTec Electronic GmbH)

"C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema -- (TerraTec Electronic GmbH)

"C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe:*:Enabled:TerraTec Auto Update -- File not found

"C:\Program Files\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe:*:Enabled:TerraTec ChannelEditor -- (TerraTec Electronic GmbH)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)

"F:\Games\Warcraft III\Warcraft III.exe" = F:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"F:\Games\Civilization III\Conquests\Civ3Conquests.exe" = F:\Games\Civilization III\Conquests\Civ3Conquests.exe:*:Disabled:Civ3Conquests -- (© 2001-2003 Atari Inc.)

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"F:\Programs\E-mule\E-Mule 0.49a\emule.exe" = F:\Programs\E-mule\E-Mule 0.49a\emule.exe:*:Enabled:eMule -- File not found

"F:\Games\Cube\bin\cube.exe" = F:\Games\Cube\bin\cube.exe:*:Disabled:cube -- File not found

"F:\Games\Star Wars\Jedi Knight 2\GameData\jk2mp.exe" = F:\Games\Star Wars\Jedi Knight 2\GameData\jk2mp.exe:*:Disabled:jk2mp -- File not found

"F:\Programs\Limewire\LimeWire.exe" = F:\Programs\Limewire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found

"F:\Games\Soldat\Soldat.exe" = F:\Games\Soldat\Soldat.exe:*:Disabled:Soldat -- File not found

"C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- (TerraTec Electronic GmbH)

"F:\Programs\E-mule\E-Mule 0.49b\emule.exe" = F:\Programs\E-mule\E-Mule 0.49b\emule.exe:*:Enabled:eMule -- File not found

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"F:\Games\Counter-strike\CounterStrike2D.exe" = F:\Games\Counter-strike\CounterStrike2D.exe:*:Disabled:CounterStrike2D -- ()

"F:\Games\World of Warcraft Trial\WoW-BurningCrusade-frFR-Installer-downloader.exe" = F:\Games\World of Warcraft Trial\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema (Auto Update) -- File not found

"C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 1a22bc20\Launcher.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 1a22bc20\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found

"C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 56986560\Launcher.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\Blizzard Launcher Temporary - 56986560\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found

"F:\Games\Warcraft III\War3.exe" = F:\Games\Warcraft III\War3.exe:*:Enabled:Warcraft III -- File not found

"F:\Games\Warcraft 3\Warcraft III.exe" = F:\Games\Warcraft 3\Warcraft III.exe:*:Enabled:Warcraft III -- ()

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"F:\Games\Heroes V\bin\H5_Game.exe" = F:\Games\Heroes V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()

"C:\Documents and Settings\Anthony\Local Settings\Temp\{ABF7C273-90C4-4C85-A7CE-06D50D28D3A4}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\{ABF7C273-90C4-4C85-A7CE-06D50D28D3A4}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found

"C:\Documents and Settings\Anthony\Local Settings\Temp\{D0F42366-97A9-4972-8ED7-CD1247613660}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\{D0F42366-97A9-4972-8ED7-CD1247613660}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found

"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"F:\Games\Emulator\GB\Game Boy Color\kigb.exe" = F:\Games\Emulator\GB\Game Boy Color\kigb.exe:*:Enabled:kigb -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 17

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01

"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger

"{BF94147D-68E5-4557-8C88-585028C336AD}" = Watchtower Library 2008 - Français

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests

"{FADB55D0-403F-4413-A268-CF0A6F1185C2}" = OpenOffice.org 2.3

"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer

"0E671B295202E381C44C03CB18D0C7F4C010E46D" = Windows Driver Package - TerraTec Cinergy HT PCI (MKII) (05/14/2007 3.1.1.27)

"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Ashampoo AudioCD MP3 Studio 3" = Ashampoo AudioCD MP3 Studio 3

"AVIConverter" = AVIConverter 2.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"B8639A746C17E9D9E2C7F8BFD1E462CB8CD74B0F" = Windows Driver Package - TerraTec (3xHybrid) Media (12/05/2006 1.3.3.5)

"CCleaner" = CCleaner (remove only)

"Discordi_is1" = Discordi

"EPSON Printer and Utilities" = EPSON Logiciel imprimante

"EPSON Scanner" = EPSON Scan

"ERUNT_is1" = ERUNT 1.1j

"Firebird SQL Server F" = Firebird SQL Server - MAGIX Edition

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2

"GameSpy Arcade" = GameSpy Arcade

"HijackThis" = HijackThis 2.0.2

"InternetProgram" = InternetProgram

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full

"MAGIX Movies on CD & DVD TV Edition F" = MAGIX Movies on CD & DVD TV Edition 6.0.3.5 (F)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Maniac Mansion Deluxe" = Maniac Mansion Deluxe

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)

"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0

"POKéGAME32" = POKéMON Simulator 4.5

"Privateer" = Privateer

"Quick Zip_is1" = Quick Zip 4.60.019

"RPG Maker 2003" = RPG Maker 2003

"ShockwaveFlash" = Macromedia Flash Player 8

"SpywareBlaster_is1" = SpywareBlaster 4.2

"SpywareGuard_is1" = SpywareGuard v2.2

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Warcraft III" = Warcraft III

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"World of Warcraft" = World of Warcraft

"Wow Cartographe" = Wow Cartographe 1.08b

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-606747145-854245398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Sweet Home 3D" = Sweet Home 3D

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23/07/2009 13:12:04 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 23/07/2009 14:11:31 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 23/07/2009 14:13:27 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 23/07/2009 14:26:55 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 25/07/2009 05:48:22 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 25/07/2009 06:16:10 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 25/07/2009 06:38:30 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 25/07/2009 07:21:59 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 25/07/2009 07:40:59 | Computer Name = ANTARES | Source = Application Error | ID = 1000

Description = Faulting application heroes3.exe, version 1.0.0.0, faulting module

heroes3.exe, version 1.0.0.0, fault address 0x00150a16.

 

Error - 03/08/2009 12:39:39 | Computer Name = ANTARES | Source = Application Hang | ID = 1002

Description = Hanging application Civ3Conquests.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

[ System Events ]

Error - 04/01/2010 13:27:48 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:50 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:51 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:52 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:53 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:55 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:56 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:57 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:27:58 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 04/01/2010 13:28:00 | Computer Name = ANTARES | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

 

< End of report >

 

Voila, donc merci d'avance pour l'aide et n'hésitez pas a me demander des précisions.